Bugtraq mailing list archives
Re: April appeared to be a month of IE bugs. Here's another one.
From: Cove Schneider <cove () wildpackets com>
Date: Tue, 29 Apr 2003 12:59:21 -0700
Apple's Safari browser appears to be effected too.... Safari 1.0 Beta 2 (v73)PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE 3249 Safari 94.2% 0:07.20 4 108 288 5.40M 23.1M 14.7M 130M
On Tuesday, April 29, 2003, at 11:23 AM, ERRor wrote:
Hello, Bugtraq. Malicious htm file can freeze IE with 100% CPU usage: Construct the file freeze.htm: c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htmAfter opening freeze.htm IE will hang with 100% CPU usage until IEXPLORE.EXE process is not killed. Two bytes (0xff 0xfe) at the beginning of the filemean thatthe encoding is unicode. So the internal unicode representation of the CR LFsequencewill look like 0D0A0D0A but not 000D000A (if the file was a plain ASCII). Tested on IE 6.0 with all fixes, i think other versions also vulnerable.Best Regards, ERRor, dHtm. P.S. greets to .einstein. and dHtm
Current thread:
- Re: April appeared to be a month of IE bugs. Here's another one. ERRor (May 01)
- Re: April appeared to be a month of IE bugs. Here's another one. mbergson <Joachim.Strombergson () InformAsic com> (May 02)
- <Possible follow-ups>
- Re: April appeared to be a month of IE bugs. Here's another one. Cove Schneider (May 01)
- Re: April appeared to be a month of IE bugs. Here's another one. Cove Schneider (May 01)