Microsoft IE Javascript window.open Null-Pointer DoS

2004-07-11T18:18:29
ID OSVDB:7801
Type osvdb
Reporter Berend-Jan Wever(skylined@edup.tudelft.nl)
Modified 2004-07-11T18:18:29

Description

Vulnerability Description

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when the victim opens a specially crafted HTML file with a window.open object that is placed in a for . . . in loop with a non-existent variable causing a null pointer exception, and will result in loss of availability for the browser.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when the victim opens a specially crafted HTML file with a window.open object that is placed in a for . . . in loop with a non-existent variable causing a null pointer exception, and will result in loss of availability for the browser.

Manual Testing Notes

<SCRIPT language="javascript">

MSIE = window.open; // for hackers to come in for (every_bug_found in MSIE) { / there are zillions more hiden / }

</SCRIPT>

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0108.html