Home page logo

fulldisclosure logo Full Disclosure mailing list archives

DoS vulnerability in Internet Explorer
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 1 Jun 2010 15:42:58 +0300

Hello Full-Disclosure!

I want to warn you about Denial of Service vulnerability in Internet
Explorer. Which I already disclosed at my site in 2008 (at 29.09.2008). But
recently I made new tests concerning this vulnerability, so I decided to
remind you about it.

I know this vulnerability for a long time - it's well-known DoS in IE. It
works in IE6 and after release of IE7 I hoped that Microsoft fixed this hole
in seventh version of the browser. But as I tested at 29.09.2008, IE7 was
also vulnerable to this attack. And as I tested recently, IE8 is also
vulnerable to this attack.

Also I informed Microsoft at 01.10.2008 about it, but they ignored and
didn't fix it. They didn't fix the hole not in IE6, nor in IE7, nor in IE8.

That time I published about this vulnerability at SecurityVulns


Vulnerability concerned with handling by browser of expression in styles,
which leads to blocking of work of IE.


Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
Explorer 7 (7.0.6000.16711), Internet Explorer 8 (8.0.7600.16385) and
previous versions.

To Susan Bradley from Bugtraq:

This is one of those cases, which I told you before, when browser vendors
ignore to fix DoS holes in their browsers for many years.

Best wishes & regards,
Administrator of Websecurity web site

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]