Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormInge HenriksenPACKETSTORM:43229
HistoryJan 21, 2006 - 12:00 a.m.

MSIEDoS.txt

2006-01-2100:00:00
Inge Henriksen
packetstormsecurity.com
18
JSON
`Advisory Name  
Microsoft(R) Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements  
  
Release Date  
14. January 2006  
  
Vulnerable Product  
Microsoft(R) Internet Explorer 5  
Microsoft(R) Internet Explorer 6  
  
Tested and Confirmed Vulerable  
Microsoft® Windows® XP Professional with Service Pack 2 and IE 6.0.2900.2180.xpsp_sp2_gdr.050301-1519  
Microsoft® Windows® Server 2003 with IE 6.0.2790.0  
Microsoft® Windows® 2000 Advanced Server 5.00.2195 with Service Pack 4 and IE 5.00.3700.1000  
Other combinations are likely to be vulnerable, so far all systems that I have tested had the bug.  
  
Severity  
Medium  
  
Discovered by  
Inge Henriksen ([email protected]) http://ingehenriksen.blogspot.com/  
  
Vendor Status  
Notified 30. December 2005, no fix at present.  
  
Arbitrary Code Injection  
This is a null pointer dereference, thanks to H D Moore from Metasploit for help on this issue.  
  
Overview  
I have found that Microsoft(R) Internet Explorer 5 and Microsoft(R) Internet Explorer 6 are vulnerable to a Denial of Service. So far all combinations of OS's and IE versions I have tested are vulnerable. The exploit is triggered by bad HTML data combined with a bad XML block, this html code can by hidden inside a webpage etc.   
  
Proof of Concept  
Any HTML page that contain the following HTML code will cause the DoS:  
  
<table><tr><td><IMG align=left>X X X<?xml:namespace prefix=v ><v:X style="HEIGHT:1"></td></tr></table>  
`
JSON