TUCoPS :: Browsers :: hack7659.htm

Microsoft Internet Explorer - Crash on processing embedded files with endless loop
Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005) 

Microsoft Internet Explorer - Crash on processing embedded files with
endless loop (05/28/2005)


Description:
There is a bug in Microsoft Internet Explorer, which causes a crash in it.
The bug occurs, because Microsoft Internet Explorer doesn't limit the depth
of embedded files.


Affected software:
Microsoft Internet Explorer


Workaround:
Deactivate "ActiveX" in the IE options menu.


Proof-of-Concept exploit:

Page #1 (save as "btf1.htm"):

BTF - MSIE crash



Page #2 (save as "btf2.htm"):

BTF - MSIE crash




Date of discovery:
26. September 2003


Tested software:
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
on a fully patched Windows XP SP2 system.


DLL versions:
MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)


Regards,

Benjamin Tobias Franz
Germany

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH