Full Disclosure mailing list archives
Re: Revisited Internet Explorer 6 DoS Bug
From: "Eric N. Valor" <ericv () cruzio com>
Date: Wed, 9 Jul 2003 11:03:23 -0700
I tried with my W2K box and Netscape 7.02, IE 5.0, and Mozilla1.2.1 and did not freeze with either. I'm using W2K-SP2 and have devices attached to both COM1 and COM2.
From: "Peter Kruse" <kruse () krusesecurity dk> Hi all, The problem is surely related to the serial communication ports. It can also, besides from the AUX call, be reproduced with a file:///c:/com1 or file:///c:/com2 and so on ;-) It´s possible to remotely DoS a browser this way. I´ve recieved several reports, that this issue affects many other browsers, and can cause Mcirosoft Windows to completely crash. I have put up a new testpage using a simple: <img src=file:///c:/com1> at: http://www.krusesecurity.dk/com1_dos.htm [Don´t go there unless you really want to!] This attack can also be conducted with HTML based e-mails.
-- Eric N. Valor ericv () cruzio com PGP Key 2048/1024 227B04CB Key Fingerprint = 766C CA15 0FFF E54B 2FEE C7D7 0F87 3AFB 227B 04CB : This Space Intentionally Left Blank : _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Revisited Internet Explorer 6 DoS Bug Jason Eberly (Jul 08)
- <Possible follow-ups>
- Re: Revisited Internet Explorer 6 DoS Bug Eric N. Valor (Jul 09)