Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)

  1. #1
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)

    Hey all you IE user(s) … Just found this Vuln. In my Bugtraq inbox…
    Just thought you might be interested?



    *Description*
    Microsoft Internet Explorer 6.0 (other versions not tested) is vulnerable
    to a DoS when specially crafted html is present on a page. The
    vulnerability is in the processing of the OBJECT tag.

    *Tested*
    OS: Windows 2000 Pro SP3 (fully up-to-date)
    IE: Internet Explorer 6.0.2800.1160 SP1

    *Ramifications*
    When the specially crafted HTML is present in a page, Internet Explorer
    will forcefully terminate all open sessions. The client machine is
    otherwise unharmed. Further ramifications have not been investigated.

    *Proof of Concept*
    The following HTML code will cause the above version of Internet Explorer
    to forcefully terminate:

    <object id="test"
    data="#"
    width="100%" height="100%"
    type="text/x-scriptlet"
    VIEWASTEXT></object>

    --
    Ryan Emerle, BSCS
    Lead Systems Developer
    Interactive Network Systems, Inc.
    http://www.ins-business.com
    -take it easy!
    yeah, I\'m gonna need that by friday...

  2. #2
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Question

    I saw that on Bugtraq yesterday and I was going to write a quick HTML page to test it out but I haven't gotten to that yet (too much real work getting in the way of playing around )

    Has anyone tried this out to see if it works as advertised?

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    103
    I havnt tried this out but it does make me have a question, out of all the browsers out there, wich one is in your opinions the most secure? wich one is your favorite? it seems like so many have a problem and cause exploits, i was just Wondering wich one you guys use more.

    Me personally i use IE (it might be big but it does display pages nicely) and i use Netscape, links, lynx, Mozilla, Konquerer, and also i really like Galeon, and also skipstone.

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    i could have sworn i posted this in the general chit chat section, so not to show up on the front page? am i mistaken or did someone move this thread?
    yeah, I\'m gonna need that by friday...

  5. #5
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    I use IE. I wouldn't call it the most secure per se, but I like it the most of what I have used.

    It seems that a lot of the problems in IE or other browsers were intended to be "features". The more they try to add interactive functionality the more attack vectors they open. If a web site can execute code in your browser for "legitimate" purposes, then an attacker can also use that feature to execute malicious code instead.

    I think all of the browsers have issues and its incumbent upon the user to stay up to date with patches and disable unneccesary "features" that potentially compromise security.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I moved it as it is a Microsoft security issue.

    Sigh. Do someone a favour and they complain. *BAH*

    As for browser security, I don't think one is more secure over the other. But I think IE gets "abused" more and more "falls out" in so far as bugs and such.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    sorry MsMittens, i didn't mean to complain?
    i was just curious, thuoght i was going crazy

    thank you though!
    yeah, I\'m gonna need that by friday...

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    I havent tried it with 6. I only had 5 avalible.. WIth 5 it makes a error window come up and then closes all your windows
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  9. #9
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    This explanation was just posted to Bugtraq:

    What I think is happening is that IE takes the URL '#' on it's own to mean current document. (You can ahieve the same affect by specifying data="document.html" where document.html is the name of the html file running the code.)

    When the data in the file '#' is embedded into the document and executed it too contains the same object tag which embeds the document again and again. Eventually it runs out of stack space. I doubt this is exploitable on it's own except as a DoS.

    - Blazde

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Its a bad day for browsers I just got a security notice about Netscape (sorry it was deletded before I could link it , we have a shard mail box for security postings here, and seeing that we don't use netscape one of the other admins got rid of it) It came over bugtraq so I am sure some one can find and post it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •