what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

msiepng-dos.txt

msiepng-dos.txt
Posted Sep 17, 2008
Authored by Aditya K Sood | Site secniche.org

Microsoft Internet Explorer 7 is susceptible to a denial of service vulnerability when handling malicious PNG files.

tags | advisory, denial of service
SHA-256 | 8105113340df750289b71336193cf66a82c2fe90f1e6af1e9aed5f8577672a3f
Download | Favorite | View

msiepng-dos.txt

Change Mirror Download
Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.

*Version Affected:*
IE 7 / IE 8 BETA

*Severity:*
Intermediate

*Background:*
Mshtml.dll is a standard library which is responsible for rendering
objects in web pages in Internet Explorer.

*Description:*
The Internet Explorer 7 is vulnerable to Denial of Service while 
handling malicious
PNG files. The IE shows a intrinsic vulnerable response while loading 
images.This
issue can be exploited by an attacker by letting a victim to visit a 
malicious web page
embedded with rogue PNG Files there by leading to denial of service.

*Analysis:*
The internet explorer unable to render and load the malicious png 
image.On further discussion ,
Microsoft team stated that CDwnTaskExec::ThreadExec enters an infinite 
loop that that keeps
grabbing task and runs them synchronously.This results in failure in 
completion of task.When a
 task never completes,or timeouts all subsequent task will be blocked. 
IE will fail to load all
subsequent image after an attempt to load the malicious PNG file.

*Detection:*
SecNiche confirmed this vulnerability affects Internet Explorer 7 and 
Internet Explorer 8 Beta
on the Microsoft Windows XP SP2 platform.The versions tested are:

7.0.5730
8.0.6001

*Links:
http://www.secniche.org/ie_mal_png_dos.html
*
*Disclosure Timeline:*
April 6,2008 Initial Vendor Notification
April 7,2008 Initial Vendor Response
September 17 ,2008 Release Date.

*Vendor Response:*
Microsoft Acknowledges this vulnerability and "fix" will be
released in the final version of Internet Explorer 8 later this year.

*Credit:*
Aditya K Sood

*Disclaimer*
The information in the advisory is believed to be accurate at the time 
of publishing
based on currently available information. Use of the information 
constitutes acceptance
 for use in an AS IS condition. There is no representation or 
warranties, either express or
implied by or with respect to anything in this document, and shall not 
be liable for any
 implied warranties of merchantability or fitness for a particular 
purpose or for any indirect
special or consequential damages.
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close