TUCoPS :: Browsers :: v7-2426.htm

Microsoft(R) Internet Explorer 5 & 6 Remote DoS
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service


** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ ** 

Advisory Name: 
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements

Release Date: 
14. January 2006

Vulnerable Product: 
Microsoft(R) Internet Explorer 5
Microsoft(R) Internet Explorer 6

Tested and Confirmed Vulerable: 
Microsoft=AE Windows=AE XP Professional with Service Pack 2 and IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519
Microsoft=AE Windows=AE Server 2003 with IE 6.0.2790.0
Microsoft=AE Windows=AE 2000 Advanced Server 5.00.2195 with Service Pack 4 and IE 5.00.3700.1000
Other combinations are likely to be vulnerable, so far all systems that I have tested had the bug.

Severity: 
Medium

Discovered by: 
Inge Henriksen (inge.henriksen@booleansoft.com) http://ingehenriksen.blogspot.com/ 

Vendor Status: 
Notified 30. December 2005, no fix at present.

Arbitrary Code Injection:
This is a null pointer dereference, so no arbitrary code injection is likely. Thanks to H D Moore from Metasploit for help on this issue.

Overview:
I have found that Microsoft(R) Internet Explorer 5 and Microsoft(R) Internet Explorer 6 are vulnerable 
to a Denial of Service. So far all combinations of OS's and IE versions I have tested are vulnerable. 
The exploit is triggered by a bad IMG element combined with a bad XML block, this html code can by hidden 
inside a webpage etc. to cause a Denial of Service for all that tries to view that webpage.

Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH