Open Source and information security mailing list archives
 
Message-ID: <E19aJHo-0000XA-00@blackjack.cruzio.com>
From: ericv at cruzio.com (Eric N. Valor)
Subject: Re: Revisited Internet Explorer 6 DoS Bug

I tried with my W2K box and Netscape 7.02, IE 5.0, and Mozilla 1.2.1 and did 
not freeze with any of them.  I'm using W2K-SP2 and have devices attached to both 
COM1 and COM2.

> From: "Peter Kruse" <kruse@...sesecurity.dk>
>
> Hi all,
>
> The problem is surely related to the serial communication ports. It can
> also, besides from the AUX call, be reproduced with a file:///c:/com1 or
> file:///c:/com2 and so on ;-)
>
> It's possible to remotely DoS a browser this way. I've received several
> reports, that this issue affects many other browsers, and can cause
> Microsoft Windows to completely crash.
>
> I have put up a new testpage using a simple: <img src=file:///c:/com1>
> at:
> http://www.krusesecurity.dk/com1_dos.htm
>
> [Don't go there unless you really want to!]
>
> This attack can also be conducted with HTML based e-mails.


-- 
Eric N. Valor
ericv@...zio.com
PGP Key 2048/1024 227B04CB
Key Fingerprint = 766C CA15 0FFF E54B 2FEE  C7D7 0F87 3AFB 227B 04CB

: This Space Intentionally Left Blank :
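
Added example (not part of the original message or thread): a content filter for HTML pages or HTML mail that flags file: URLs pointing at Windows reserved device names, the pattern described in the quoted post. The function names and the sample markup are constructed for illustration; checking every path segment and the chosen attribute list are assumptions made to keep the filter conservative.

```javascript
// Windows reserved device names, matched case-insensitively.
const RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])$/i;

// Return the reserved device name found in a file: URL's path, or null.
function reservedDeviceIn(url) {
  const m = /^\s*file:(.*)$/i.exec(url);
  if (!m) return null;                      // only file: URLs are of interest here
  let path = m[1].split(/[?#]/)[0];         // drop query string and fragment
  try { path = decodeURIComponent(path); }  // catch %-encoded spellings such as %63om1
  catch (e) { /* malformed escape: keep the raw path */ }
  for (const seg of path.split(/[\\/]+/).filter(Boolean)) {
    // An extension or trailing colon does not stop the name resolving to the
    // device, so compare only the part before the first dot.
    const base = seg.split('.')[0].replace(/[:\s]+$/, '');
    if (RESERVED.test(base)) return base.toUpperCase();
  }
  return null;
}

// Scan src/href/background attribute values, quoted or unquoted.
function findDeviceUrls(html) {
  const attr = /\b(?:src|href|background)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const found = [];
  let m;
  while ((m = attr.exec(html)) !== null) {
    const url = [m[1], m[2], m[3]].find((v) => v !== undefined);
    const device = reservedDeviceIn(url);
    if (device) found.push({ url, device });
  }
  return found;
}

// Constructed sample input; the first tag is the form quoted in the message above.
const sample = [
  '<img src=file:///c:/com1>',
  '<img src="file:///C:/AUX">',
  '<a href="file:///c:/docs/LPT1.txt">x</a>',
  '<img src="file:///c:/%63om2">',
  '<img src="file:///c:/images/computer.png">',   // benign: not a device name
  '<img src="http://example.com/com1">',          // benign: not a file: URL
].join('\n');

console.log(findDeviceUrls(sample));
```

A mail gateway or HTML sanitizer can drop or rewrite the flagged attributes before the content reaches a Windows client.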
