[Full-Disclosure] Revisited Internet Explorer 6 DoS Bug

From: Peter Kruse (kruse_at_krusesecurity.dk)
Date: 07/08/03

  • Next message: Simon Lorentsen: "RE: [Full-Disclosure] Revisited Internet Explorer 6 DoS Bug"
    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 8 Jul 2003 21:11:39 +0200
    
    

    Hi all,

    The problem is surely related to the serial communication ports. It can
    also, besides from the AUX call, be reproduced with a file:///c:/com1 or
    file:///c:/com2 and so on ;-)

    Itīs possible to remotely DoS a browser this way. Iīve recieved several
    reports, that this issue affects many other browsers, and can cause
    Mcirosoft Windows to completely crash.

    I have put up a new testpage using a simple: <img src=file:///c:/com1>
    at:
    http://www.krusesecurity.dk/com1_dos.htm

    [Donīt go there unless you really want to!]

    This attack can also be conducted with HTML based e-mails.

    Med venlig hilsen // Kind regards

    Peter Kruse
    Kruse Security
    http://www.krusesecurity.dk

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Simon Lorentsen: "RE: [Full-Disclosure] Revisited Internet Explorer 6 DoS Bug"