[Full-Disclosure] Revisited Internet Explorer 6 DoS Bug

From: Peter Kruse (kruse_at_krusesecurity.dk)
Date: 07/08/03

  • Next message: Simon Lorentsen: "RE: [Full-Disclosure] Revisited Internet Explorer 6 DoS Bug" 
    To: <full-disclosure@lists.netsys.com>
Date: Tue, 8 Jul 2003 21:11:39 +0200

    Hi all,

    The problem is surely related to the serial communication ports. It can
    also, besides from the AUX call, be reproduced with a file:///c:/com1 or
    file:///c:/com2 and so on ;-)

    Itīs possible to remotely DoS a browser this way. Iīve recieved several
    reports, that this issue affects many other browsers, and can cause
    Mcirosoft Windows to completely crash.

    I have put up a new testpage using a simple: <img src=file:///c:/com1>
    at:
    http://www.krusesecurity.dk/com1_dos.htm

    [Donīt go there unless you really want to!]

    This attack can also be conducted with HTML based e-mails.

    Med venlig hilsen // Kind regards

    Peter Kruse
    Kruse Security
    http://www.krusesecurity.dk

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Simon Lorentsen: "RE: [Full-Disclosure] Revisited Internet Explorer 6 DoS Bug"

    Relevant Pages

    • Re: Offloading Reports
      ... -- and provides admin functions for archiving/retention, ... I'm acquainted with a couple of products that write the reports into VSAM ... involvement that my boss wants to eliminate. ... Then access the output via the same web browser interface you would have used to access it straight from z/OS using the same product suite. ...
      (bit.listserv.ibm-main)
    • Re: Web of Trust (a revolution)
      ... that pointed out that it had more software vulnerabilities than ... reports all security issues ... That for me anyway is what the issue of trust comes down too, ... Konqueror is not a proprietary browser, and I trust KDE to disclose all the ...
      (Fedora)
    • Re: Looking for confirmation
      ... Your browser? ... How do you get error reports ... I will brook no crap about 'my applet is fine', ... And if the params were being written 'client side' using ...
      (comp.lang.java.programmer)
    • File does not begin with %pdf-
      ... We are in a small LAN. ... generate reports which would open a PDF in a browser. ... do this from the server and it views the PDF with no problem. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Internet explorer V6 - not recognised
      ... ASPNET's HTTPBrowserCapabilities object reports that based on the ... User-Agent, your Browser has the following capabilities: ... Shows some of the basic information available in the browser. ... Operating System Windows - Windows XP ...
      (microsoft.public.windowsupdate)