lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Jun 2010 15:42:58 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <full-disclosure@...ts.grok.org.uk> Subject: DoS vulnerability in Internet Explorer Hello Full-Disclosure! I want to warn you about Denial of Service vulnerability in Internet Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But recently I made new tests concerning this vulnerability, so I decided to remind you about it. I know this vulnerability for a long time - it's well-known DoS in IE. It works in IE6 and after release of IE7 I hoped that Microsoft fixed this hole in seventh version of the browser. But as I tested at 29.09.2008, IE7 was also vulnerable to this attack. And as I tested recently, IE8 is also vulnerable to this attack. Also I informed Microsoft at 01.10.2008 about it, but they ignored and didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8. That time I published about this vulnerability at SecurityVulns (http://securityvulns.com/Udocument636.html). DoS: Vulnerability concerned with handling by browser of expression in styles, which leads to blocking of work of IE. http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and previous versions. To Susan Bradley from Bugtraq: This is one of those cases, which I told you before, when browser vendors ignore to fix DoS holes in their browsers for many years. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists