[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002301c3451e$9c5b9950$0202a8c0@teliahomebase>
From: kruse at krusesecurity.dk (Peter Kruse)
Subject: SV: Internet Explorer 6 DoS Bug
Hi,
This is really scary!
This can be exploited remotely in several ways.
I have succesfully DoS?ed several machines using a simple <img
src=c:\aux> in a HTML page. In order to test this remotely I have put up
a POC page that can be accessed here:
http://www.krusesecurity.dk/aux_dos.htm. If your browser crash you?re
vulnerable to a remote DoS using the ooold aux trick.
HTML based e-mails will also crash already vulnerable systems. If a
system is vulnerable this DoS can be succesfully conducted in many ways.
Med venlig hilsen // Kind regards
Peter Kruse
Kruse Security
http://www.krusesecurity.dk
-----Oprindelig meddelelse-----
Fra: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] P? vegne af Richard M.
Smith
Sendt: 8. juli 2003 01:40
Til: 'Dan Williams'; full-disclosure@...ts.netsys.com
Emne: RE: [Full-Disclosure] Internet Explorer 6 DoS Bug
Does an HTML IMG tag like <img src=c:\aux> also cause a crash? This
kind of tag can be embedded in an HTML email message. If the bug shows
up also in an IMG tag, then an Email reader like Outlook or Outlook
Express can be DoSed. Ditto for Hotmail and Yahoo mail.
Richard
Powered by blists - more mailing lists