• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer OnUnload Null Pointer Dereference Vulnerability

The following proof of concept is available:

http://lcamtuf.coredump.cx/ietrap/testme.html