[NT] Internet Explorer JavaScript Modeless Popup DoS
From: support@securiteam.comDate: 01/13/02
- Previous message: support@securiteam.com: "[NEWS] Vulnerabilities in Oracle9iAS Web Cache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sun, 13 Jan 2002 12:23:03 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Internet Explorer JavaScript Modeless Popup DoS
------------------------------------------------------------------------
SUMMARY
There is a bug in Internet Explorer 6 (probably lower versions down to 5.0
as well) that allows for a JavaScript to call an infinite amount of
modeless dialogs containing the page it was opened in, thus creating an
endless loop and rendering the internet explorer useless. These dialogs
also managed to stay open after killing the 'iexplore' process and
continued to loop until CPU usage was maxed at 100%. Due to the nature of
the showModelessDialog() function, the dialog fails to give up focus and
the machine may even become unable to function requiring a reboot of the
machine to regain control of the user interface.
DETAILS
Vulnerable systems:
Internet Explorer version 6.0
Internet Explorer version 5.5
Example:
Place this Code into an HTML file called exploit.html:
<html>
<head>
<script type="javascript">
function exploit() {
while(1) {
showModelessDialog("exploit.html");
}
</script>
</head>
<body onLoad="exploit">
</body>
</html>
Workaround:
Disable JavaScript.
ADDITIONAL INFORMATION
The information has been provided by <mailto:whizack@attbi.com> Lance
Hitch*** Jr..
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Vulnerabilities in Oracle9iAS Web Cache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, and Site Spoof
... Internet Explorer, ... "cookieStealing.html" - This opens Yahoo.com and
steals the cookie. ... The information in this bulletin is provided "AS IS" without warranty
of any kind. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NT] DoS in Multiple IE Versions (Self-Referenced Directives)
... to completely crash Internet Explorer. ... The information in this bulletin
is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss of business profits or special
damages. ... (Securiteam) - [NEWS] WolfMail Allows Relaying of SPAM
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... these values are sent via an HTML
file that ... The information in this bulletin is provided "AS IS" without warranty
of any kind. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NT] Microsoft Internet Explorer and mshtml.dll Nested OBJECT Tag DoS
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Microsoft Internet Explorer
and mshtml.dll Nested OBJECT Tag DoS ... The information in this bulletin is provided "AS
IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [NT] MSIE URL Buffer Overflow using Greek Characters
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in Internet
Explorer has been found, ... The information in this bulletin is provided "AS IS" without
warranty of any kind. ... In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
