Full Disclosure mailing list archives
Re: IE6 - Crash via DOS device
From: |reduced|minus|none| <p00p () instable net>
Date: Fri, 31 Oct 2003 16:12:14 -0500
morning_wood wrote:
Oct 30, 2003 Donnie Werner morning_wood () exploitlabs com I thought these bugs in Internet Explorer 6 had been fixed... all of these make use of a local call to a legacy DOS device, example ( file:///AUX ) as a link, called in an iframe ( XSS ) or used as an IMG tag. I tested, "CON", "PRN", "AUX", "COMx", "LPTx", "CLOCK$" and "NUL" only AUX and COM1 caused a lockup of Internet Explorer 6 do these links crash your browser? 1. http://exploitlabs.com/files/notices/AUXcrash.html <--- click for links to crash 2. http://exploitlabs.com/files/notices/AUX-iframe.html <-- click this link to crash 3. http://exploitlabs.com/files/notices/AUX-img.html <-- click this link to crash note: these can be embeded via Cross Site Scripting ( XSS ) to deny service to a website to those clients trying to connect via affected versions of IE6 Donnie Werner http://exploit.labs.com morning_wood () exploitlabs com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
none of them worked for me... version 6.0.2800.1106.xpsp2.030422-1633 windows xp corp. with sp1 -- p00p () instable net AIM: l4m3n00b MSN: l4m3n00b () hotmail com http://www.instable.net GnuPG Public Key: http://www.instable.net/pubkey.asc"The only sovereign you can allow to rule you is reason." - Wizard's Sixth Rule, "Faith of the Fallen" by Terry Goodkind
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IE6 - Crash via DOS device morning_wood (Oct 31)
- Re: IE6 - Crash via DOS device Richard Spiers (Oct 31)
- Re: IE6 - Crash via DOS device |reduced|minus|none| (Oct 31)
- Re: IE6 - Crash via DOS device morning_wood (Oct 31)