Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Revisited Internet Explorer 6 DoS Bug

From: "Simon Lorentsen" <s.lorentsen () box-smart net>
Date: Tue, 8 Jul 2003 21:24:37 +0100
Peter,

Just out of curiosity I tried it, nothing, not a bean, however I am open
to the other bug.

Sincerely yours,
 
Simon Lorentsen

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Peter Kruse
Sent: 08 July 2003 20:12
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Revisited Internet Explorer 6 DoS Bug


Hi all,

The problem is surely related to the serial communication ports. It can
also, besides from the AUX call, be reproduced with a file:///c:/com1 or
file:///c:/com2 and so on ;-)

It´s possible to remotely DoS a browser this way. I´ve recieved several
reports, that this issue affects many other browsers, and can cause
Mcirosoft Windows to completely crash.  

I have put up a new testpage using a simple: <img src=file:///c:/com1>
at:
http://www.krusesecurity.dk/com1_dos.htm

[Don´t go there unless you really want to!]

This attack can also be conducted with HTML based e-mails.

Med venlig hilsen // Kind regards

Peter Kruse
Kruse Security
http://www.krusesecurity.dk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: