-
April 17th, 2003, 02:07 PM
#1
Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
Hey all you IE user(s) … Just found this Vuln. In my Bugtraq inbox…
Just thought you might be interested?
*Description*
Microsoft Internet Explorer 6.0 (other versions not tested) is vulnerable
to a DoS when specially crafted html is present on a page. The
vulnerability is in the processing of the OBJECT tag.
*Tested*
OS: Windows 2000 Pro SP3 (fully up-to-date)
IE: Internet Explorer 6.0.2800.1160 SP1
*Ramifications*
When the specially crafted HTML is present in a page, Internet Explorer
will forcefully terminate all open sessions. The client machine is
otherwise unharmed. Further ramifications have not been investigated.
*Proof of Concept*
The following HTML code will cause the above version of Internet Explorer
to forcefully terminate:
<object id="test"
data="#"
width="100%" height="100%"
type="text/x-scriptlet"
VIEWASTEXT></object>
--
Ryan Emerle, BSCS
Lead Systems Developer
Interactive Network Systems, Inc.
http://www.ins-business.com
-take it easy!
yeah, I\'m gonna need that by friday...
-
April 17th, 2003, 03:15 PM
#2
I saw that on Bugtraq yesterday and I was going to write a quick HTML page to test it out but I haven't gotten to that yet (too much real work getting in the way of playing around )
Has anyone tried this out to see if it works as advertised?
-
April 17th, 2003, 03:23 PM
#3
I havnt tried this out but it does make me have a question, out of all the browsers out there, wich one is in your opinions the most secure? wich one is your favorite? it seems like so many have a problem and cause exploits, i was just Wondering wich one you guys use more.
Me personally i use IE (it might be big but it does display pages nicely) and i use Netscape, links, lynx, Mozilla, Konquerer, and also i really like Galeon, and also skipstone.
-
April 17th, 2003, 03:26 PM
#4
i could have sworn i posted this in the general chit chat section, so not to show up on the front page? am i mistaken or did someone move this thread?
yeah, I\'m gonna need that by friday...
-
April 17th, 2003, 03:29 PM
#5
I use IE. I wouldn't call it the most secure per se, but I like it the most of what I have used.
It seems that a lot of the problems in IE or other browsers were intended to be "features". The more they try to add interactive functionality the more attack vectors they open. If a web site can execute code in your browser for "legitimate" purposes, then an attacker can also use that feature to execute malicious code instead.
I think all of the browsers have issues and its incumbent upon the user to stay up to date with patches and disable unneccesary "features" that potentially compromise security.
-
April 17th, 2003, 03:29 PM
#6
I moved it as it is a Microsoft security issue.
Sigh. Do someone a favour and they complain. *BAH*
As for browser security, I don't think one is more secure over the other. But I think IE gets "abused" more and more "falls out" in so far as bugs and such.
-
April 17th, 2003, 03:31 PM
#7
sorry MsMittens, i didn't mean to complain?
i was just curious, thuoght i was going crazy
thank you though!
yeah, I\'m gonna need that by friday...
-
April 17th, 2003, 04:44 PM
#8
I havent tried it with 6. I only had 5 avalible.. WIth 5 it makes a error window come up and then closes all your windows
Violence breeds violence
we need a world court
not a republican with his hands covered in oil and military hardware lecturing us on world security!
-
April 17th, 2003, 05:02 PM
#9
This explanation was just posted to Bugtraq:
What I think is happening is that IE takes the URL '#' on it's own to mean current document. (You can ahieve the same affect by specifying data="document.html" where document.html is the name of the html file running the code.)
When the data in the file '#' is embedded into the document and executed it too contains the same object tag which embeds the document again and again. Eventually it runs out of stack space. I doubt this is exploitable on it's own except as a DoS.
- Blazde
-
April 17th, 2003, 05:08 PM
#10
Its a bad day for browsers I just got a security notice about Netscape (sorry it was deletded before I could link it , we have a shard mail box for security postings here, and seeing that we don't use netscape one of the other admins got rid of it) It came over bugtraq so I am sure some one can find and post it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|