Microsoft IE CLASSID Remote DoS

2002-06-24T21:31:04
ID OSVDB:4951
Type osvdb
Reporter OSVDB
Modified 2002-06-24T21:31:04

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a specific CLASSID value embedded in an OBJECT tag is placed within a webpage, and will result in loss of availability for the IE browser.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

The following line of code will crash IE. Tested with Windows 2000 and XP.

<object ID="dosIE-doe" CLASSID="CLSID:00022613-0000-0000-C000-000000000046" </object>

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-04/0244.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-06/0297.html
ISS X-Force ID: 9531
Generic Exploit URL: http://zgp.org/linux-elitists/20020628204136.GF1749@merlins.org.html
CVE-2002-1984
Bugtraq ID: 7384
Bugtraq ID: 5094