[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] IE6 - Crash via DOS device

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] IE6 - Crash via DOS device
From: "morning_wood" <se_cur_ity@hotmail.com>
Date: Sat, 1 Nov 2003 00:38:49 +0530

Oct 30, 2003
Donnie Werner
morning_wood@exploitlabs.com

I thought these bugs in Internet Explorer 6 had been fixed...

all of these make use of a local call to a
legacy DOS device, example
( file:///AUX ) as a link, called in an iframe ( XSS ) or used as an IMG
tag.
I tested,  "CON", "PRN", "AUX", "COMx", "LPTx", "CLOCK$" and "NUL"
only AUX and COM1 caused a lockup of Internet Explorer 6

do these links crash your browser?
1. http://exploitlabs.com/files/notices/AUXcrash.html <--- click for links
to crash
2. http://exploitlabs.com/files/notices/AUX-iframe.html <-- click this link
to crash
3. http://exploitlabs.com/files/notices/AUX-img.html <-- click this link to
crash

note: these can be embeded via Cross Site Scripting ( XSS ) to deny service
to a website to those clients trying to connect via affected versions of IE6

Donnie Werner
http://exploit.labs.com
morning_wood@exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] IE6 - Crash via DOS device
  - From: "Richard Spiers" <dksaarth@unix.za.net>
- Re: [Full-Disclosure] IE6 - Crash via DOS device
  - From: |reduced|minus|none| <p00p@instable.net>

Prev by Date: Re: [Full-Disclosure] Proxies
Next by Date: Re: [Full-Disclosure] Proxies
Previous by thread: Re: [Full-Disclosure] Gates: 'You don't need perfect code' for good security
Next by thread: Re: [Full-Disclosure] IE6 - Crash via DOS device
Index(es):
- Date
- Thread