Message-ID: <002901c3454d$00199220$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Internet Explorer 6 DoS Bug

Here's what I wrote about the Windows AUX bug in 1996:

http://groups.google.com/groups?selm=01bbf024%2463d4cd00%24a78103c7%40tiac.net.tiac.net&oe=UTF-8&output=gplain

3). Including the HTML tag <img src="file:///aux"> in an HTML attachment
will crash the Windows 95 version of Navigator.  Attempting to shut down
Navigator can also take down Windows 95.

And here's another variation of the bug also from 1996:

http://groups.google.com/groups?selm=01bbd759%24722c7d00%24a78103c7%40tiac.net.tiac.net&oe=UTF-8&output=gplain

An interesting thing is that Microsoft has their own version of the
"Exploder" control.  It's called ActiveMovie.  It's designed to play AVI
movies within Internet Explorer.  It becomes an exploder control if it is
told to play a movie from the URL file:///AUX .  This URL locks up
ActiveMovie and often crashes Windows 95.

Richard

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Peter Kruse
Sent: Tuesday, July 08, 2003 3:00 AM
To: 'Richard M. Smith'; full-disclosure@...ts.netsys.com
Subject: SV: [Full-Disclosure] Internet Explorer 6 DoS Bug


Hi,

This is really scary!  

This can be exploited remotely in several ways. 

I have successfully DoS'ed several machines using a simple <img
src=c:\aux> in an HTML page. In order to test this remotely I have put up
a POC page that can be accessed here:
http://www.krusesecurity.dk/aux_dos.htm. If your browser crashes you're
vulnerable to a remote DoS using the ooold aux trick.

HTML based e-mails will also crash already vulnerable systems. If a
system is vulnerable this DoS can be successfully conducted in many ways.


Kind regards

Peter Kruse
Kruse Security
http://www.krusesecurity.dk





-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Richard M.
Smith
Sent: 8 July 2003 01:40
To: 'Dan Williams'; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Internet Explorer 6 DoS Bug


Does an HTML IMG tag like <img src=c:\aux> also cause a crash?  This
kind of tag can be embedded in an HTML email message.  If the bug shows
up also in an IMG tag, then an Email reader like Outlook or Outlook
Express can be DoSed.  Ditto for Hotmail and Yahoo mail.

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
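
As an added example, not part of the original thread or any poster's code: a check a mail gateway could run over an HTML body to flag resource references that resolve to a reserved DOS device name, the pattern the messages above describe. It generalizes from AUX to the other reserved device names; the attribute set, function names and sample body are assumptions constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Reserved DOS device names on Windows. The thread names only AUX; the other
# names are an added generalization.
RESERVED = {"AUX", "CON", "NUL", "PRN"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}
# Attributes checked for resource references (set assumed for this example).
URL_ATTRS = {"src", "href", "background"}

def is_device_path(url):
    """True if url is a local path whose last component is a device name."""
    u = unquote(url).strip().replace("\\", "/")
    if u.lower().startswith("file:"):
        u = u[5:]
    elif re.match(r"[a-z][a-z0-9+.-]+:", u.lower()):
        return False                      # http:, cid:, mailto: are not local
    u = re.split(r"[?#]", u, maxsplit=1)[0]
    u = re.sub(r"^/*[a-zA-Z]:", "", u)    # drop a drive prefix such as c:
    last = u.rstrip("/ ").rsplit("/", 1)[-1]
    # An extension or trailing colon does not change the name: aux.txt is AUX.
    base = re.split(r"[.:]", last, maxsplit=1)[0].strip().upper()
    return base in RESERVED

class DeviceRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_device_path(value):
                self.hits.append((tag, name, value))

def find_device_refs(html):
    finder = DeviceRefFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample message body; the first two tags are the forms quoted
# in the thread, the rest are benign look-alikes.
SAMPLE = r'''<html><body>
<img src=c:\aux>
<img src="file:///aux">
<img src="http://example.com/aux.gif">
<a href="file:///C:/docs/auxiliary.txt">notes</a>
</body></html>'''
```

Values without a scheme are treated as local paths, so a relative reference to a device name is flagged as well.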

