Re: DoS vulnerability in Internet Explorer

["MustLive" <mustlive () websecurity com ua>]

Hello Laurent!

You was left almost on two years.

In October 2008 I released exploits for blocking DoS with alertbox which
affect many browsers ;-). As you can found it in my post DoS in Firefox,
Internet Explorer and Google Chrome (http://websecurity.com.ua/2575/).

I showed three variants of this attack, to show possibilities of bypassing
browsers protection. If you Laurent, who trying to show himself as security
professional, didn't know, so I'll tell you, that already in 2008 there were
browsers which can block such attacks. So your statement "in every browser
finaly" is incorrect already for two years. And in my post I published three
exploits for such DoS attack and the third one bypassed Google Chrome's
protection (versions 0.2.149.30 and 0.3.154.9 at that time). But Opera 9.52
was not affected at all. So Opera was most secure browser for this
particular attack :-).

During 2008-2010 I released a lot of different exploits of blocking DoS and
other types of DoS for different browsers. And I posted about these holes to
SecurityVulns (http://securityvulns.com/source15611.html).

And note that in this particular letter, on which you replied, I talked
about IE and about DoS without using any loops, just only one small string
with expression in style.

> Sorry Mustlive,
> i understand you need to see this in clear text finaly.
> I guess ascii is the best to communicate with you;

You didn't understand, Laurent. The best and only way to communicate with me 
it's cultural communication. If you can't speak with me in cultural manner, 
then better don't write me at all. Because I don't have to teach you good 
manners and if you'll continue to write me in such not serious tone, then 
I'll just banned you. So if you want to be put into my blacklist, you only 
need to write me about it or write me one more not serious letter. And I 
quickly fix this issue.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "Laurent Gaffie" <laurent.gaffie () gmail com>
To: "MustLive" <mustlive () websecurity com ua>
Sent: Tuesday, June 01, 2010 4:50 PM
Subject: Re: [Full-disclosure] DoS vulnerability in Internet Explorer


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Full-Disclosure!
>
> I want to warn you about a Denial of Service in every browser finaly !!!
>
> It actually affect every browser with a javascript engine  build in !!!
>
> Adobe may be vulnerable to !!!!
>
> PoC :
>
> <html>
> <head><title>0n0z</title></head>
> <body>
> <script type="text/javascript">
> for (i=0;i<65535;i++) {
>  alert('0n0z mustlive got you, now you're fucked, the only solution
> is to restart your browser or be faster than JS !!!');
> }
> </script>
> </body>
> </html>
>
> Greetz to Mustlive () oswap com ua
>
>
> On 01/06/10 22:42, MustLive wrote:
> > Hello Full-Disclosure!
> >
> > I want to warn you about Denial of Service vulnerability in Internet
> > Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008).
> > But
> > recently I made new tests concerning this vulnerability, so I decided to
> > remind you about it.
> >
> > I know this vulnerability for a long time - it's well-known DoS in IE. It
> > works in IE6 and after release of IE7 I hoped that Microsoft fixed this
> hole
> > in seventh version of the browser. But as I tested at 29.09.2008, IE7 was
> > also vulnerable to this attack. And as I tested recently, IE8 is also
> > vulnerable to this attack.
> >
> > Also I informed Microsoft at 01.10.2008 about it, but they ignored and
> > didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in
> > IE8.
> >
> > That time I published about this vulnerability at SecurityVulns
> > (http://securityvulns.com/Udocument636.html).
> >
> > DoS:
> >
> > Vulnerability concerned with handling by browser of expression in styles,
> > which leads to blocking of work of IE.
> >
> > http://websecurity.com.ua/uploads/2008/IE%20DoS%20Exploit4.html
> >
> > Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
> > Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
> > previous versions.
> >
> > To Susan Bradley from Bugtraq:
> >
> > This is one of those cases, which I told you before, when browser vendors
> > ignore to fix DoS holes in their browsers for many years.
> >
> > Best wishes & regards,
> > MustLive
> > Administrator of Websecurity web site
> > http://websecurity.com.ua
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/