| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rms at computerbytesman.com (Richard M. Smith) Subject: Internet Explorer 6 DoS Bug Here's what I wrote about the Windows AUX bug in 1996: http://groups.google.com/groups?selm=01bbf024%2463d4cd00%24a78103c7%40ti ac.net.tiac.net&oe=UTF-8&output=gplain 3). Including the HTML tag <img src="file:///aux"> in an HTML attachment will crash the Windows 95 version of Navigator. Attempting to shudown Navigator can also takedown Windows 95. And here's another variation of the bug also from 1996: http://groups.google.com/groups?selm=01bbd759%24722c7d00%24a78103c7%40ti ac.net.tiac.net&oe=UTF-8&output=gplain An interesting thing is that Microsoft has their own version of the "Exploder" control. Its called ActiveMovie. Its designed to play AVI movies within Internet Explorer. It becomes an exploder control if it is told to play a movie from the URL file:///AUX . This URL locks up ActiveMovie and often crashes Windows 95. Richard -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Peter Kruse Sent: Tuesday, July 08, 2003 3:00 AM To: 'Richard M. Smith'; full-disclosure@...ts.netsys.com Subject: SV: [Full-Disclosure] Internet Explorer 6 DoS Bug Hi, This is really scary! This can be exploited remotely in several ways. I have succesfully DoS?ed several machines using a simple <img src=c:\aux> in a HTML page. In order to test this remotely I have put up a POC page that can be accessed here: http://www.krusesecurity.dk/aux_dos.htm. If your browser crash you?re vulnerable to a remote DoS using the ooold aux trick. HTML based e-mails will also crash already vulnerable systems. If a system is vulnerable this DoS can be succesfully conducted in many ways. Med venlig hilsen // Kind regards Peter Kruse Kruse Security http://www.krusesecurity.dk -----Oprindelig meddelelse----- Fra: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] P? vegne af Richard M. Smith Sendt: 8. juli 2003 01:40 Til: 'Dan Williams'; full-disclosure@...ts.netsys.com Emne: RE: [Full-Disclosure] Internet Explorer 6 DoS Bug Does an HTML IMG tag like <img src=c:\aux> also cause a crash? This kind of tag can be embedded in an HTML email message. If the bug shows up also in an IMG tag, then an Email reader like Outlook or Outlook Express can be DoSed. Ditto for Hotmail and Yahoo mail. Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists