('binary' encoding is not supported, stored as-is) In-Reply-To: <20030416195550.2126.qmailat_private> >*Description* >Microsoft Internet Explorer 6.0 (other versions not tested) is >vulnerable to a DoS when specially crafted html is present on a page. >The vulnerability is in the processing of the OBJECT tag. A *year-old* DoS. This is one good reason for researchers to make sure they aren't posting duplicates. I've criticized Microsoft's support policies in the past for cutting off support channels for small bugs such as this. On a more positive note, I'd like to add that Microsoft is apparently re- investigating this issue to determine why I wasn't able to squeeze at least a service-pack fix out of them. :-) W2ksp3 is not vulnerable to the bug in the same way that other OSes are; MS nicely patched it so that it displayed a warning when processing folder templates over a network. Other systems lack this protection, and will happily download and script folder content over a hostile network. By crafting the folder template to exploit this, you could cause an infinite loop on some Windows versions, as the shell crashes, and restarts automatically -- with its folders intact. This starts an ugly spiral until the system becomes unusable from the console, and must be restarted. Worse, similar behavior occurs the next time a user logs in -- the system must be un-plugged from the internet to prevent the mess from starting over.
This archive was generated by hypermail 2b30 : Mon Apr 21 2003 - 10:52:51 PDT