Full Disclosure mailing list archives
Re: DoS vulnerability in Internet Explorer
From: Laurent Gaffie <laurent.gaffie () gmail com>
Date: Tue, 01 Jun 2010 23:54:33 +1000
Hello Full-Disclosure!

I want to warn you about a Denial of Service in every browser finally !!!
It actually affects every browser with a javascript engine built in !!!
Adobe may be vulnerable too !!!!

PoC :

<html>
<head><title>0n0z</title></head>
<body>
<script type="text/javascript">
// Each alert() is modal, so the loop blocks the page until every dialog is dismissed.
for (var i=0;i<65535;i++) {
alert('0n0z mustlive got you, now you\'re fucked, the only solution is to restart your browser or be faster than JS !!!');
}
</script>
</body>
</html>

Greetz to Mustlive () oswap com ua

On 01/06/10 22:42, MustLive wrote:

Hello Full-Disclosure!

I want to warn you about a Denial of Service vulnerability in Internet Explorer, which I already disclosed on my site in 2008 (on 29.09.2008). But recently I made new tests concerning this vulnerability, so I decided to remind you about it.

I have known about this vulnerability for a long time - it's a well-known DoS in IE. It works in IE6, and after the release of IE7 I hoped that Microsoft had fixed this hole in the seventh version of the browser. But as I tested on 29.09.2008, IE7 was also vulnerable to this attack. And as I tested recently, IE8 is also vulnerable to this attack.

Also, I informed Microsoft on 01.10.2008 about it, but they ignored it and didn't fix it. They didn't fix the hole in IE6, nor in IE7, nor in IE8.

At that time I published about this vulnerability at SecurityVulns (http://securityvulns.com/Udocument636.html).

DoS:

The vulnerability concerns the browser's handling of expression in styles, which leads to blocking of the work of IE.

http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html

Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and previous versions.

To Susan Bradley from Bugtraq:

This is one of those cases, which I told you about before, when browser vendors ignore fixing DoS holes in their browsers for many years.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Attachment:
0x09D391F0.asc
Description:
Current thread:
- DoS vulnerability in Internet Explorer MustLive (Jun 01)
- Message not available
- Re: DoS vulnerability in Internet Explorer Laurent Gaffie (Jun 01)
- Re: DoS vulnerability in Internet Explorer PsychoBilly (Jun 01)
- Re: DoS vulnerability in Internet Explorer Pablo Ximenes (Jun 02)
- Re: DoS vulnerability in Internet Explorer Laurent Gaffie (Jun 01)
- Message not available
- Re: DoS vulnerability in Internet Explorer Jeff Williams (Jun 02)
- Re: DoS vulnerability in Internet Explorer Christian Sciberras (Jun 02)
- Re: DoS vulnerability in Internet Explorer MustLive (Jun 06)
- Re: DoS vulnerability in Internet Explorer Christian Sciberras (Jun 02)
- Re: DoS vulnerability in Internet Explorer Jan Schejbal (Jun 03)
- Message not available
- Re: DoS vulnerability in Internet Explorer MustLive (Jun 03)
- <Possible follow-ups>
- Re: DoS vulnerability in Internet Explorer Laurent Gaffie (Jun 01)