Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Browsers :: bt1476.txt

Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)






----- Original Message -----
From: "Ryan Emerle" <securityFocus@emerle.net>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, April 16, 2003 11:55 AM
Subject: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)


>
>
> *Description*
> Microsoft Internet Explorer 6.0 (other versions not tested) is vulnerable
> to a DoS when specially crafted html is present on a page.  The
> vulnerability is in the processing of the OBJECT tag.
>
> *Tested*
> OS: Windows 2000 Pro SP3 (fully up-to-date)
> IE: Internet Explorer 6.0.2800.1160 SP1
>
> *Ramifications*
> When the specially crafted HTML is present in a page, Internet Explorer
> will forcefully terminate all open sessions.  The client machine is
> otherwise unharmed. Further ramifications have not been investigated.
>
> *Proof of Concept*
> The following HTML code will cause the above version of Internet Explorer
> to forcefully terminate:
>
> &lt;object id="test"
>        data="#"
>        width="100%" height="100%"
>        type="text/x-scriptlet"
>        VIEWASTEXT>&lt;/object&gt;
>
> --
> Ryan Emerle, BSCS
> Lead Systems Developer
> Interactive Network Systems, Inc.
> http://www.ins-business.com
>


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH