Vulnerability Development mailing list archives

Re: IE Denial of service (sorta)

From: "Alan Richardson - Stuff Trading" <stufftrading () optusnet com au>
Date: Thu, 6 Dec 2001 09:53:33 +1100

Hello,

Patched (all standard MS security & update patches, up to Oct 01) Win98SE
with IE 5.00.3314.2100 (256Mb RAM) lost approx 3% CPU (Celeron 466/66) over
10 minutes in both instances - not too shabby considering the amount of
rubbish I tend to run in the bg on this box...haven't tested with other
boxes and/or OS's though.

Stuff


Hey

I found this months ago and though it was patched but it managed to cause

new errors

on win me with all updates on IE in kernel. On default win2k IE install it

sucks up 100 percent cpu

for half on hour(128 meg of ram).

Please click on it and tell me what happens to you.
(include version and patch info)

Its a image tag with some garbage characters in a particular order.
I haven't bothered contacting microsoft yet because I'm not sure just how

common a problem

this is, and with what patches installed.

www.cgisecurity.com/crash.shtml
also try /crash2.shtml

-zenomorph

Current thread:

IE Denial of service (sorta) zeno (Dec 04)
- AW: IE Denial of service (sorta) Matthias Kerstner (Dec 05)
- AW: IE Denial of service (sorta) Matthias Kerstner (Dec 05)
- Re: IE Denial of service (sorta) Nick Lange (Dec 05)
- Re: IE Denial of service (sorta) Alan Richardson - Stuff Trading (Dec 05)
- RE: IE Denial of service (sorta) R. Toma (Dec 05)
- Re: IE Denial of service (sorta) Simon Kornblith (Dec 07)
- <Possible follow-ups>
- Re: IE Denial of service (sorta) zeno (Dec 05)
  - Re: IE Denial of service (sorta) Thor (Dec 05)
  - Re: IE Denial of service (sorta) Kerry (Dec 05)
  - RE: IE Denial of service (sorta) Colby Marks (Dec 06)
- RE: IE Denial of service (sorta) John Thornton (Dec 05)