lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: IE6 - Crash via DOS device

Oct 30, 2003
Donnie Werner
morning_wood@...loitlabs.com

I thought these bugs in Internet Explorer 6 had been fixed...

all of these make use of a local call to a
legacy DOS device, example
( file:///AUX ) as a link, called in an iframe ( XSS ) or used as an IMG
tag.
I tested,  "CON", "PRN", "AUX", "COMx", "LPTx", "CLOCK$" and "NUL"
only AUX and COM1 caused a lockup of Internet Explorer 6

do these links crash your browser?
1. http://exploitlabs.com/files/notices/AUXcrash.html <--- click for links
to crash
2. http://exploitlabs.com/files/notices/AUX-iframe.html <-- click this link
to crash
3. http://exploitlabs.com/files/notices/AUX-img.html <-- click this link to
crash

note: these can be embeded via Cross Site Scripting ( XSS ) to deny service
to a website to those clients trying to connect via affected versions of IE6

Donnie Werner
http://exploit.labs.com
morning_wood@...loitlabs.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ