Vulnerability Development mailing list archives

Re: IE Denial of service (sorta)

From: "Nick Lange" <nicklange () wi rr com>
Date: Wed, 5 Dec 2001 09:01:02 -0600

 crashed me.
 5.50.4807.2300
 of ie under 2k w/ various patches ( I think up to sp2)
 as well I think this is sposed to be 5.5 sp2 of i.e. I'm using if I
remember
 correctly
 nick
----- Original Message -----
From: "zeno" <zeno () cgisecurity net>
To: <incidents () securityfocus com>; <bugtraq () securityfocus com>;
<vuln-dev () securityfocus com>
Sent: Tuesday, December 04, 2001 4:00 PM
Subject: IE Denial of service (sorta)


Hey

I found this months ago and though it was patched but it managed to cause

new errors

on win me with all updates on IE in kernel. On default win2k IE install it

sucks up 100 percent cpu

for half on hour(128 meg of ram).

Please click on it and tell me what happens to you.
(include version and patch info)

Its a image tag with some garbage characters in a particular order.
I haven't bothered contacting microsoft yet because I'm not sure just how

common a problem

this is, and with what patches installed.

www.cgisecurity.com/crash.shtml
also try /crash2.shtml

-zenomorph

Current thread:

IE Denial of service (sorta) zeno (Dec 04)
- AW: IE Denial of service (sorta) Matthias Kerstner (Dec 05)
- AW: IE Denial of service (sorta) Matthias Kerstner (Dec 05)
- Re: IE Denial of service (sorta) Nick Lange (Dec 05)
- Re: IE Denial of service (sorta) Alan Richardson - Stuff Trading (Dec 05)
- RE: IE Denial of service (sorta) R. Toma (Dec 05)
- Re: IE Denial of service (sorta) Simon Kornblith (Dec 07)
- <Possible follow-ups>
- Re: IE Denial of service (sorta) zeno (Dec 05)
  - Re: IE Denial of service (sorta) Thor (Dec 05)
  - Re: IE Denial of service (sorta) Kerry (Dec 05)
  - RE: IE Denial of service (sorta) Colby Marks (Dec 06)
- RE: IE Denial of service (sorta) John Thornton (Dec 05)