April appeared to be a month of IE bugs. Here's another one.

["ERRor" <error () pochtamt ru>]

Hello, Bugtraq.

Malicious htm file can freeze IE with 100% CPU usage:
Construct the file freeze.htm:
c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm

After opening freeze.htm IE will hang with 100% CPU usage until IEXPLORE.EXE
process is not killed. Two bytes (0xff 0xfe) at the beginning of the file
mean that
the encoding is unicode. So the internal unicode representation of the CR LF
sequence
will look like 0D0A0D0A but not 000D000A (if the file was a plain ASCII).
Tested on IE 6.0 with all fixes, i think other versions also vulnerable.


Best Regards, ERRor, dHtm.
P.S. greets to .einstein. and dHtm