today another very didactical 0day has been released. It affects Apple Safari window.parent.close() function.
Description:
The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.
The Exploit (click for enlarge):
Exploit Hight lights
(1) The vulnerable Function:
(2) Buffer Preparation:
(3) Memory Inclusion
I believe this is another interesting example of pointer manipulation (or if you wanna see from the other side, Buffer Overflow ) vulnerability. I wrote this post to remember this example for my next class (Fall 2010).
 -> code execution.){kind=link}