RE: IE Denial of service (sorta)

["Colby Marks" <Colby () DigitalJunction Com>]

Zeno,

WinXP Professional w/updates to date on IE
6.0.2600.0000.xpclient.010817-1148 with update Q312461

Took a little time (about 3 minutes) to render the output, but there was
no crash, and it did complete.  Output first line was:
Hi(image that never loaded)
o¹¹¹ºÖÕÖ×ØÙÚÛÖÉ˶§ÞÓßâãäåéâäàåçê=}o¹¹¹ºÖÕÖ×ØÙÚÛÖÉ˶§ÞÓßâãäåéâäàåçê=}o¹¹¹
ºÖÕÖ×ØÙÚÛÖÉ˶§ÞÓßâãäåéâäàåçê=}

And the stuff after the image repeated for a while.

My machine is a PII Xeon 400 w/1024K Cache-Lot SL34J with 256MB Physical
RAM.

-Colby

-----Original Message-----
From: zeno [mailto:bugtraq () cgisecurity net] 
Sent: Wednesday, December 05, 2001 8:58 AM
To: zeno
Cc: incidents () securityfocus com; bugtraq () securityfocus com;
vuln-dev () securityfocus com
Subject: Re: IE Denial of service (sorta)


I've had alot of people email me.

So far crashed the following versions below. Can anyone confirm
that anything below won't crash?

Win 98 IE 6.0
Win ME IE 6.0(all patches as of yeserday)
IE 6.0 on win xp crashed
nt 4.0 and ie 5.5 sp6a
IE5.5 sp2 and NT4 sp6a P3 733 w/128MB RAM

It seems to be memory based. Systems with above 256 meg of ram don't
seem
to crash. I contacted microsoft no word back yet.


- zeno

> Hey
>
> I found this months ago and though it was patched but it managed to
cause new errors
> on win me with all updates on IE in kernel. On default win2k IE
install it sucks up 100 percent cpu
> for half on hour(128 meg of ram).
>
> Please click on it and tell me what happens to you.
> (include version and patch info)
>
> Its a image tag with some garbage characters in a particular order.
> I haven't bothered contacting microsoft yet because I'm not sure just
how common a problem
> this is, and with what patches installed.
>
> www.cgisecurity.com/crash.shtml
> also try /crash2.shtml
>
> -zenomorph