Forums: Ms Ie Can Be Crashed By Remote Users - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Ms Ie Can Be Crashed By Remote Users With Large Text Files

#1 User is offline   qcred11 

  • Master Sergeant
  • Icon
  • Group: Second Lieutenant
  • Posts: 2,544
  • Joined: 25-February 04

Posted 12 July 2004 - 09:03 PM

Quote

Internet Explorer Large Text File Denial of Service

http://www.kurczaba....ies/0407111.htm
------------------------------------------------------------
Vulnerability ID Number:
0407111
 
Overview:
A Denial of Service (DoS) vulnerability has been found in Microsoft Internet Explorer.

Vendor:
Microsoft (http://www.microsoft.com)
 
Affected Systems/Configuration:
This test was done on a Windows XP Professional machine, with the latest version of Internet Explorer (6.0.2800.1106.xpsp2.030422-1633). All Microsoft security patches (hotfixes) and service packs are installed
 
Vulnerability/Exploit:
It is possible to crash Internet Explorer by browsing a specially crafted, large text file. The one I used to test was 4 megabytes and contained all \\\"1\\\"s. After about ten seconds, Internet Explorer will stop responding.
 
Workaround:
None. Program must be terminated by Task Manager
 
Date Discovered:
July 6, 2004
 
Severity:
Medium
 
Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/

Discussion of this vulnerability can be found at: http://forums.kurcza...pics.asp?FID=12


Source: http://www.securityt...ul/1010673.html
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting