April appeared to be a month of IE bugs. Here's another one.

From: ERRor (errorat_private)
Date: Tue Apr 29 2003 - 11:23:15 PDT


    Hello, Bugtraq.
    
    Malicious htm file can freeze IE with 100% CPU usage:
    Construct the file freeze.htm:
    c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm
    
    After opening freeze.htm, IE will hang with 100% CPU usage until the
    IEXPLORE.EXE process is killed. Two bytes (0xff 0xfe) at the beginning of
    the file mean that the encoding is Unicode. So the internal Unicode
    representation of the CR LF sequence will look like 0D0A0D0A but not
    000D000A (if the file was plain ASCII).
    Tested on IE 6.0 with all fixes; I think other versions are also vulnerable.
    
    
    Best Regards, ERRor, dHtm.
    P.S. greets to .einstein. and dHtm
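
A content check for the mismatch described in the message above, added here as an example and not part of the original post: it flags a file whose UTF-16 byte-order mark is followed by single-byte CR LF pairs, which a UTF-16 decoder reads as one fused 16-bit unit each. The function name, thresholds and sample inputs are assumptions constructed for this example.

```python
import struct
from collections import Counter

# UTF-16 byte-order marks mapped to struct byte-order prefixes.
BOMS = {b"\xff\xfe": "<", b"\xfe\xff": ">"}
CR, LF = 0x000D, 0x000A


def bom_crlf_mismatch(data, min_units=1000, ratio=0.9):
    """Return (flagged, details) for a byte string read from a file.

    min_units and ratio are hypothetical tuning values, not from the post.
    """
    order = BOMS.get(data[:2])
    if order is None:
        return False, {"reason": "no UTF-16 BOM"}
    body = data[2:]
    n = len(body) // 2                      # a trailing odd byte is ignored
    if n < min_units:
        return False, {"reason": "body too short", "units": n}
    counts = Counter(struct.unpack(f"{order}{n}H", body[: n * 2]))
    # The bytes 0D 0A read as one 16-bit unit: 0x0A0D (LE) or 0x0D0A (BE).
    fused_unit = 0x0A0D if order == "<" else 0x0D0A
    fused = counts[fused_unit]
    real_newlines = counts[CR] + counts[LF]  # present in genuine UTF-16 text
    flagged = fused / n >= ratio and real_newlines == 0
    return flagged, {"units": n, "fused_crlf_units": fused,
                     "real_newlines": real_newlines}


# Constructed samples (not captured data).
SAMPLE_MISMATCH = b"\xff\xfe" + b"\r\n" * 30000            # layout from the post
SAMPLE_UTF16 = b"\xff\xfe" + ("line\r\n" * 2000).encode("utf-16-le")
SAMPLE_ASCII = b"\r\n" * 30000

if __name__ == "__main__":
    for name, blob in [("mismatch", SAMPLE_MISMATCH),
                       ("utf16", SAMPLE_UTF16),
                       ("ascii", SAMPLE_ASCII)]:
        print(name, bom_crlf_mismatch(blob))
```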
    


