TITLE
=====
Memory Corruption Vulnerability

DESCRIPTION
===========
Internet Explorer is the flagship broswer for the Microsoft Windows OS.

PROBLEM
=======
Affected Versions       : Internet Explorer 5.x, 6.1 SP1
Tested Platforms        : Windows 2k, Windows XP

Internet Explorer is vulnerable to numerous security holes, and this
one is not that big of a deal, but worth 
mentioning. This memory corruption vulnerability allows an attacker to
DoS the application itself, no more no less. 
An attacker can shutdown Internet Explorer with only 11 bytes.

DETAILS
=======
[Cascading Style Sheet(CSS) Memory Corruption]

There are 1001 ways that an attacker can use to hack, exploit, and
crash IE but we believe this is one of the most 
compact attacks ever, as an attacker needs only 11 bytes to crash IE.
This vulnerability does not give the attacker the 
ability to exploit and execute arbitrary code or cause any real damage
to the victim, but rather it corrupts the memory space 
allocated by IE.

There was a similar vulnerability which has been reported earlier, but
this one is more compact. 
IE seems to have problems handling Cascading Style Sheet (CSS) elements
and therefore an attacker can easily crash IE by using 
the following, imho, weird combinations of CSS elements:

<STYLE>@;/*

There you go, 11 bytes is all it takes to crash IE. Having <STYLE>@;/*
alone is enough, other <HTML> tags are not necessary. 
If you're too lazy to test this yourself, then we have conveniently
created a sample 11 byte html at: 

http://www.ecqurity.com/adv/11.html

VENDOR STATUS
=============
This would most likely be small problem to Microsoft and we decided not
to report it. Internet Explorer still has quite a few 
serious unpatched security holes in it, and we don't think this one
deserves Microsoft's attention. In the meantime, perhaps 
using a different browser to surf the web is in order.

CONTACT
=======

phuong at ecqurity .com
david at ecqurity .com
http://www.ecqurity.com



		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail