Internet Explorer Javascript Modeless Popup Local Denial of Service Vulnerability

[Lance Hitchcock Jr. <whizack () attbi com>]

Description:
there is a bug in Internet Explorer 6 (probably lower 
versions down to 5.0 as well) that allows for a 
javascript to call an infinite amount of modeless 
dialogs containing the page it was opened in, thus 
creating an endless loop and rendering the internet 
explorer useless, this also managed to stay open 
after killing the iexplore process and continued to 
loop until cpu usage was maxed at 100%. due to the 
nature of the showModelessDialog() function, the 
dialog fails to give up focus and the machine may 
even become unable to function requiring a reboot of 
the machine to regain control of the user interface.

Risk:

Moderate? 

Systems Effected:
     Internet Explorer 6.0
     Internet Explorer 5.5
     
Possibly 5.0 if the function is supported in that 
version. No box with 5.0 was available to test.

Vendor Status:
     Sending a Copy of this Message to them as I type.

Example:
      Place this Code into a html file called exploit.html :

<html>
<head>
<script type="javascript">
function exploit() {
while(1) { 
showModelessDialog("exploit.html");
}
</script>
</head>
<body onLoad="exploit">
</body>
</html>

Workaround:

     Disable Javascript


/* took 20 min and a Javascript Book, that's all it 
takes to kill a windows box */