Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: April appeared to be a month of IE bugs. Here's another one.
From: Cove Schneider <cove () wildpackets com>
Date: Tue, 29 Apr 2003 12:59:21 -0700

Apple's Safari browser appears to be effected too....

Safari 1.0 Beta 2 (v73)

PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE 3249 Safari 94.2% 0:07.20 4 108 288 5.40M 23.1M 14.7M 130M

On Tuesday, April 29, 2003, at 11:23 AM, ERRor wrote:

Hello, Bugtraq.

Malicious htm file can freeze IE with 100% CPU usage:
Construct the file freeze.htm:
c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm

After opening freeze.htm IE will hang with 100% CPU usage until IEXPLORE.EXE process is not killed. Two bytes (0xff 0xfe) at the beginning of the file
mean that
the encoding is unicode. So the internal unicode representation of the CR LF
sequence
will look like 0D0A0D0A but not 000D000A (if the file was a plain ASCII). Tested on IE 6.0 with all fixes, i think other versions also vulnerable.


Best Regards, ERRor, dHtm.
P.S. greets to .einstein. and dHtm



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]