| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Law11-OE314EnAv1Og700010597@hotmail.com> From: se_cur_ity at hotmail.com (morning_wood) Subject: IE6 - Crash via DOS device Oct 30, 2003 Donnie Werner morning_wood@...loitlabs.com I thought these bugs in Internet Explorer 6 had been fixed... all of these make use of a local call to a legacy DOS device, example ( file:///AUX ) as a link, called in an iframe ( XSS ) or used as an IMG tag. I tested, "CON", "PRN", "AUX", "COMx", "LPTx", "CLOCK$" and "NUL" only AUX and COM1 caused a lockup of Internet Explorer 6 do these links crash your browser? 1. http://exploitlabs.com/files/notices/AUXcrash.html <--- click for links to crash 2. http://exploitlabs.com/files/notices/AUX-iframe.html <-- click this link to crash 3. http://exploitlabs.com/files/notices/AUX-img.html <-- click this link to crash note: these can be embeded via Cross Site Scripting ( XSS ) to deny service to a website to those clients trying to connect via affected versions of IE6 Donnie Werner http://exploit.labs.com morning_wood@...loitlabs.com
Powered by blists - more mailing lists