Re: IE Denial of service (sorta)

["Kerry" <hunter1 () nemontel net>]

Windows XP (home edition), IE 6.0.2600, didn't crash but caused cpu usage to
go to 100%.

----- Original Message -----
From: "zeno" <bugtraq () cgisecurity net>
To: "zeno" <zeno () cgisecurity net>
Cc: <incidents () securityfocus com>; <bugtraq () securityfocus com>;
<vuln-dev () securityfocus com>
Sent: Wednesday, December 05, 2001 6:58 AM
Subject: Re: IE Denial of service (sorta)


> I've had alot of people email me.
>
> So far crashed the following versions below. Can anyone confirm
> that anything below won't crash?
>
> Win 98 IE 6.0
> Win ME IE 6.0(all patches as of yeserday)
> IE 6.0 on win xp crashed
> nt 4.0 and ie 5.5 sp6a
> IE5.5 sp2 and NT4 sp6a P3 733 w/128MB RAM
>
> It seems to be memory based. Systems with above 256 meg of ram don't seem
> to crash. I contacted microsoft no word back yet.
>
>
> - zeno
>
> > Hey
> >
> > I found this months ago and though it was patched but it managed to
cause new errors
> > on win me with all updates on IE in kernel. On default win2k IE install
it sucks up 100 percent cpu
> > for half on hour(128 meg of ram).
> >
> > Please click on it and tell me what happens to you.
> > (include version and patch info)
> >
> > Its a image tag with some garbage characters in a particular order.
> > I haven't bothered contacting microsoft yet because I'm not sure just
how common a problem
> > this is, and with what patches installed.
> >
> > www.cgisecurity.com/crash.shtml
> > also try /crash2.shtml
> >
> > -zenomorph