Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
Apr 21 2003 05:26PM
mattmurphy kc rr com
In-Reply-To: <20030416195550.2126.qmail (at) www.securityfocus (dot) com [email concealed]>
>*Description*
>Microsoft Internet Explorer 6.0 (other versions not tested) is
>vulnerable to a DoS when specially crafted html is present on a page.
>The vulnerability is in the processing of the OBJECT tag.
A *year-old* DoS. This is one good reason for researchers to make sure
they aren't posting duplicates. I've criticized Microsoft's support
policies in the past for cutting off support channels for small bugs such
as this.
On a more positive note, I'd like to add that Microsoft is apparently re-
investigating this issue to determine why I wasn't able to squeeze at
least a service-pack fix out of them. :-)
W2ksp3 is not vulnerable to the bug in the same way that other OSes are;
MS nicely patched it so that it displayed a warning when processing
folder templates over a network. Other systems lack this protection, and
will happily download and script folder content over a hostile network.
By crafting the folder template to exploit this, you could cause an
infinite loop on some Windows versions, as the shell crashes, and
restarts automatically -- with its folders intact. This starts an ugly
spiral until the system becomes unusable from the console, and must be
restarted. Worse, similar behavior occurs the next time a user logs in --
the system must be un-plugged from the internet to prevent the mess from
starting over.
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
>*Description*
>Microsoft Internet Explorer 6.0 (other versions not tested) is
>vulnerable to a DoS when specially crafted html is present on a page.
>The vulnerability is in the processing of the OBJECT tag.
A *year-old* DoS. This is one good reason for researchers to make sure
they aren't posting duplicates. I've criticized Microsoft's support
policies in the past for cutting off support channels for small bugs such
as this.
On a more positive note, I'd like to add that Microsoft is apparently re-
investigating this issue to determine why I wasn't able to squeeze at
least a service-pack fix out of them. :-)
W2ksp3 is not vulnerable to the bug in the same way that other OSes are;
MS nicely patched it so that it displayed a warning when processing
folder templates over a network. Other systems lack this protection, and
will happily download and script folder content over a hostile network.
By crafting the folder template to exploit this, you could cause an
infinite loop on some Windows versions, as the shell crashes, and
restarts automatically -- with its folders intact. This starts an ugly
spiral until the system becomes unusable from the console, and must be
restarted. Worse, similar behavior occurs the next time a user logs in --
the system must be un-plugged from the internet to prevent the mess from
starting over.
[ reply ]