lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030421172647.22728.qmail@www.securityfocus.com>
Date: 21 Apr 2003 17:26:47 -0000
From: <mattmurphy@...rr.com>
To: bugtraq@...urityfocus.com
Subject: Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)


In-Reply-To: <20030416195550.2126.qmail@....securityfocus.com>

>*Description*
>Microsoft Internet Explorer 6.0 (other versions not tested) is 
>vulnerable to a DoS when specially crafted html is present on a page.  
>The vulnerability is in the processing of the OBJECT tag.

A *year-old* DoS.  This is one good reason for researchers to make sure 
they aren't posting duplicates.  I've criticized Microsoft's support 
policies in the past for cutting off support channels for small bugs such 
as this.

On a more positive note, I'd like to add that Microsoft is apparently re-
investigating this issue to determine why I wasn't able to squeeze at 
least a service-pack fix out of them. :-)

W2ksp3 is not vulnerable to the bug in the same way that other OSes are; 
MS nicely patched it so that it displayed a warning when processing 
folder templates over a network.  Other systems lack this protection, and 
will happily download and script folder content over a hostile network.  
By crafting the folder template to exploit this, you could cause an 
infinite loop on some Windows versions, as the shell crashes, and 
restarts automatically -- with its folders intact.  This starts an ugly 
spiral until the system becomes unusable from the console, and must be 
restarted.  Worse, similar behavior occurs the next time a user logs in --
 the system must be un-plugged from the internet to prevent the mess from 
starting over.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ