IE 7 Beta 2 Exploited

Posted by ePlus on 2 February, 2006 at 1:58 am

If you were one of the lucky ones to download and install the latest version of Internet Explorer 7 Beta 2 on a test machine (because if you install it on your main one, it will overwrite your current IE version), then you might be interested in this proof-of-concept code that can trigger a DoS (Denial of Service) vulnerability, thus crashing the browser.

If you are interested in the proof-of-concept code, this is it:


Internet Explorer 7.0 Beta 2 urlmon.dll DoS

Release Date:
Jan 31, 2006

Severity:
Medium

Vendor:
Microsoft

Versions Affected:
Internet Explorer 7.0 Beta 2 (7.0.5296.0)

Overview:
A denial of service vulnerability exists within Microsoft Internet
Explorer 7.0 Beta 2 which allows for an attacker to cause the browser to
crash, and/or to execute arbitrary code on the targeted host.

Technical Details:
When running a specially crafted .html file, urlmon.dll
improperly parses the 'BGSOUND SRC=file://---' (approx. 344 dashes) and
causes the crash.

The following html code will trigger the crash:

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
---------------------------------- >

or hit the following url:

http://www.security-protocols.com/poc/sp-x23.html

Vendor Status:
Microsoft was notified.

Workaround:
Mozilla Firefox

Discovered by:
Tom Ferris

Related Links:
http://www.security-protocols.com/advisory/sp-x23.txt
http://security-protocols.com/modules.php?name=News&file=article&sid=3169
http://www.microsoft.com/windows/IE/ie7/ie7betaredirect.mspx

Copyright (c) 2006 Security-Protocols.com

Ironically, the guy who discovered the exploit lists Firefox as the workaround. :giggle:
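
A defensive check for the pattern the advisory describes, as an added example that is not part of the original post or the advisory: it scans HTML for BGSOUND tags whose file: SRC is overlong or contains a long run of one repeated character. The thresholds, the function and class names, and the sample page are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from itertools import groupby

MAX_SRC_LEN = 260  # assumption: Windows MAX_PATH as a sanity bound for a file: URL
MAX_RUN = 32       # assumption: longest run of one repeated character tolerated

def longest_run(text):
    """Length of the longest run of a single repeated character."""
    return max((sum(1 for _ in grp) for _, grp in groupby(text)), default=0)

class BgsoundAuditor(HTMLParser):
    """Collects <bgsound> tags whose file: SRC looks like parser-stressing input."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so BGSOUND/SRC match too.
        if tag != "bgsound":
            return
        src = (dict(attrs).get("src") or "").strip()
        if not src.lower().startswith("file:"):
            return
        reasons = []
        if len(src) > MAX_SRC_LEN:
            reasons.append("overlong")
        if longest_run(src) > MAX_RUN:
            reasons.append("repeated-char")
        if reasons:
            line, _ = self.getpos()  # position of the start of the current tag
            self.findings.append({"line": line, "length": len(src), "reasons": reasons})

def audit_html(html):
    auditor = BgsoundAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: two ordinary tags, one shaped like the advisory's description.
SAMPLE = "\n".join([
    "<html><body>",
    '<bgsound src="chime.wav">',
    '<BGSOUND SRC="file:///C:/sounds/chime.wav">',
    "<BGSOUND SRC=file://" + "-" * 344 + " >",
    "</body></html>",
])

if __name__ == "__main__":
    print(audit_html(SAMPLE))
```

Run over the constructed sample, only the fourth line is reported; a mail or web gateway could apply the same check to inbound HTML before it reaches a browser.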
