Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Buffer Overflow with all versions of Internet Explorer and Javacript.

From: "Nicolas Sigal" <bugtraq () localhost net ar>
Date: Mon, 3 Jun 2002 17:53:25 -0300
I tested on Windows XP with IE6, and do not crash..
IE alert me with an error "Out of stack space" / "Stack overflow at line: 0"
but do not use 1oo% cpu or die..


        Nicolas Sigal
LocalHost Internet Services
http://www.localhost.net.ar
  nsigal () localhost net ar



----- Original Message -----
From: "George Staikos" <staikos () kde org>
To: "Jacek Lach" <jlach () utopia pl eu org>; <vuln-dev () securityfocus com>
Sent: Monday, June 03, 2002 2:11 PM
Subject: Re: Buffer Overflow with all versions of Internet Explorer and
Javacript.


On Monday 03 June 2002 08:31, Jacek Lach wrote:

On Sunday 02 June 2002 23:47, Scott Mackenzie wrote:

After a few minutes testing it seems this does not only effect Internet
Explorer but also the following browsers:


In KDE's konqueror Latest Version it Seg Faults the browser instantly


a bit OT, but anyway, I also checked this and
Konqeror 3.0.0 hogs the CPU, but there was no segfault, the same effect
(100% CPU utilization) is done by simply this:
<html><head></head>
<script language="JAVASCRIPT">
function foo() {
foo();
}
</script>
<input type="button" onClick="foo();" value="SMASH!"></input>
</html>

This situation is handled by both IE and Mozilla 1.0rc1 (no hogs there)


   I get a hard crash in Konqueror from KDE 3.0.0.  We're looking into it
right now.  It's rather obvious what is wrong, but the best solution needs
to
be worked out by the JS developers.

#0  0x41a1d46a in KJS::Window::get (this=0x0, exec=0x0, p=@0x0)
    at kjs_window.cpp:348
#1  0x00000000 in ?? ()

--

George Staikos
Previous By Date Next
Previous By Thread Next

Current thread: