Re: [Full-Disclosure] [IE] Pure html DOS although some version require minor user interaction ( highlighting/minimising )

From: S G Masood (sgmasood_at_yahoo.com)
Date: 10/19/03

  • Next message: Jonathan A. Zdziarski: "Re: [Full-Disclosure] Question: is this exploitable?" 
    To: full-disclosure@lists.netsys.com
Date: Sat, 18 Oct 2003 17:47:21 -0700 (PDT)

    Has no effect on IE6.0 on Win2k SP4 with no IE
    patches. 

    --
S.G.Masood
Hyderabad,
India.
--- Thomas Rogg <thomas@outcast-media.com> wrote:
> am 18.10.2003 6:29 Uhr schrieb John unter
> mccann@lexicon.net:
> 
> > Basicly this simple employees a HEAP of <big> tags
> and only requires a
> > single closing tag. Someone versions on view will
> die others require
> > something to activate rendering I assume this
> could be done via a java
> > script.
> > 
> > Proof of concept
> > 
> > http://www.lexicon.net/mccann/t.html
> > 
> > Mozilla doesn't crash some version my experience
> high cpu usage while
> > rendering also the layout will be stuffed but it
> is also a problem with
> > overflowing font sizes.
> > Opera untested.
> > Other untested.
> Tried it twice, crashed IE 5.0 (didn't know I still
> had it on my hard drive)
> under Mac OS 9 both times and took the whole system
> with it (OS 9 doesn't
> have any memory protection etc).
> 
> Nice work.
> 
> -- Thomas
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Jonathan A. Zdziarski: "Re: [Full-Disclosure] Question: is this exploitable?"

    Relevant Pages

    • Re: [Full-disclosure] Standalone PC Lockdown
      ... Shopping ... > Find Great Deals on Holiday Gifts at Yahoo! ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] Ms Update Spoof - W32.gibe - NOTE:VIRUS ATACHED
      ... This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. ... Full-Disclosure - We believe in it. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ... Do you Yahoo!? ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] 3 new MS patches next week... but none fix 0x01!
      ... > e-mail and then wait for that client to complain. ... > Full-Disclosure - We believe in it. ... Do you Yahoo!? ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] OT microsoft "feature"
      ... the leading zero signals that an octal ... Full-Disclosure - We believe in it. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ... Do you Yahoo!? ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] Re: Use of Brutus
      ... > with an internal review of the security of the user passwords for an ... Full-Disclosure - We believe in it. ... Charter: http://lists.netsys.com/full-disclosure-charter.html ... Win a $20,000 Career Makeover at Yahoo! ...
      (Full-Disclosure)