Re: MSIE flaws: nested array sort() loop Stack overflow exception

["isno" <isno () xfocus org>]

I don't think this flaw is exploitable.In MSIE, any loop can lead to exception.Just like:

<IFRAME SRC=?>

save it as a html file, open it in IE, in about 30 seconds, it will cause a stack_overflow exception and exit. Because 
IE will not stop allocating stack buffer, until there is not enough stack space.  

= = = = = = = = = = = = = = = = = = = =

> Hi all,
>
> Another flaw in IE:
>
> <HTML>
>  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
>  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
> </HTML>
>
> Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this 
> message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. 
> So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help 
> you. I'm sure they will even reply to this message with technical details and a patch tomorrow.
>
> Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html
>
> Cheers,
> SkyLined
> http://www.edup.tudelft.nl/~bjwever
>
> PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...
> PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control 
> over registers.

= = = = = = = = = = = = = = = = = = = =
                        

                           Cheers, 
        isno
        isno () xfocus org
          2004-11-26