what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

memcorruptIE.txt

memcorruptIE.txt
Posted Jul 3, 2004
Authored by Phuong Nguyen

An 11 byte attack against Microsoft Internet Explorer allows for an attacker to denial of service the application due to a memory corruption vulnerability. Versions affected: 5.x, 6.1 SP1.

tags | advisory, denial of service
SHA-256 | 5d205a3b97c16735b8ce1366dc553dd330248648574fec93b81fa905ca0d5964

memcorruptIE.txt

Change Mirror Download
TITLE
=====
Memory Corruption Vulnerability

DESCRIPTION
===========
Internet Explorer is the flagship broswer for the Microsoft Windows OS.

PROBLEM
=======
Affected Versions : Internet Explorer 5.x, 6.1 SP1
Tested Platforms : Windows 2k, Windows XP

Internet Explorer is vulnerable to numerous security holes, and this
one is not that big of a deal, but worth
mentioning. This memory corruption vulnerability allows an attacker to
DoS the application itself, no more no less.
An attacker can shutdown Internet Explorer with only 11 bytes.

DETAILS
=======
[Cascading Style Sheet(CSS) Memory Corruption]

There are 1001 ways that an attacker can use to hack, exploit, and
crash IE but we believe this is one of the most
compact attacks ever, as an attacker needs only 11 bytes to crash IE.
This vulnerability does not give the attacker the
ability to exploit and execute arbitrary code or cause any real damage
to the victim, but rather it corrupts the memory space
allocated by IE.

There was a similar vulnerability which has been reported earlier, but
this one is more compact.
IE seems to have problems handling Cascading Style Sheet (CSS) elements
and therefore an attacker can easily crash IE by using
the following, imho, weird combinations of CSS elements:

<STYLE>@;/*

There you go, 11 bytes is all it takes to crash IE. Having <STYLE>@;/*
alone is enough, other <HTML> tags are not necessary.
If you're too lazy to test this yourself, then we have conveniently
created a sample 11 byte html at:

http://www.ecqurity.com/adv/11.html

VENDOR STATUS
=============
This would most likely be small problem to Microsoft and we decided not
to report it. Internet Explorer still has quite a few
serious unpatched security holes in it, and we don't think this one
deserves Microsoft's attention. In the meantime, perhaps
using a different browser to surf the web is in order.

CONTACT
=======

phuong at ecqurity .com
david at ecqurity .com
http://www.ecqurity.com




__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close