memcorruptIE.txt

Posted Jul 3, 2004
Authored by Phuong Nguyen

An 11-byte attack against Microsoft Internet Explorer allows an attacker to cause a denial of service in the application due to a memory corruption vulnerability. Versions affected: 5.x, 6.1 SP1.

tags | advisory, denial of service
MD5 | cb16ac1e7998cbf382f0139889778d75

TITLE
=====
Memory Corruption Vulnerability

DESCRIPTION
===========
Internet Explorer is the flagship browser for the Microsoft Windows OS.

PROBLEM
=======
Affected Versions : Internet Explorer 5.x, 6.1 SP1
Tested Platforms : Windows 2k, Windows XP

Internet Explorer is vulnerable to numerous security holes, and this
one is not that big of a deal, but worth mentioning. This memory
corruption vulnerability allows an attacker to DoS the application
itself, no more, no less. An attacker can shut down Internet Explorer
with only 11 bytes.

DETAILS
=======
[Cascading Style Sheet(CSS) Memory Corruption]

There are 1001 ways an attacker can hack, exploit, and crash IE, but
we believe this is one of the most compact attacks ever, as an attacker
needs only 11 bytes to crash IE. This vulnerability does not give the
attacker the ability to exploit and execute arbitrary code or cause any
real damage to the victim, but rather it corrupts the memory space
allocated by IE.

A similar vulnerability has been reported earlier, but this one is
more compact. IE seems to have problems handling Cascading Style Sheet
(CSS) elements, and therefore an attacker can easily crash IE by using
the following, imho, weird combination of CSS elements:

<STYLE>@;/*

There you go, 11 bytes is all it takes to crash IE. Having <STYLE>@;/*
alone is enough; other <HTML> tags are not necessary. If you're too
lazy to test this yourself, we have conveniently created a sample
11-byte HTML file at:

http://www.ecqurity.com/adv/11.html
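
A defensive content check for the pattern described above, added here as an example and not part of the original advisory: it flags <STYLE> blocks that contain an "@" with no at-rule name, an unterminated "/*" comment, or no closing tag. Treating these three traits as the signal is an assumption (the advisory confirms only the exact 11-byte string), and the function names and sample inputs are constructed for illustration.

```python
import re

STYLE_OPEN = re.compile(r"<style\b[^>]*>", re.I)
STYLE_CLOSE = re.compile(r"</style\s*>", re.I)

def scan_css(css):
    """Return the set of anomaly names found in one style block's text."""
    found, i, n = set(), 0, len(css)
    while i < n:
        ch = css[i]
        if css.startswith("/*", i):
            end = css.find("*/", i + 2)
            if end == -1:                      # comment runs to end of block
                found.add("unterminated-comment")
                break
            i = end + 2
        elif ch in "\"'":                      # skip quoted strings, honouring escapes
            i += 1
            while i < n and css[i] != ch:
                i += 2 if css[i] == "\\" else 1
            i += 1
        elif ch == "@":
            nxt = css[i + 1:i + 2]             # "" when "@" is the last character
            if not (nxt.isalpha() or nxt in ("-", "_", "\\")):
                found.add("empty-at-keyword")  # e.g. "@;" has no rule name
            i += 1
        else:
            i += 1
    return found

def scan_html(html):
    """Return [(offset, [anomalies])] for every suspicious <style> block."""
    results, pos = [], 0
    while (m := STYLE_OPEN.search(html, pos)) is not None:
        close = STYLE_CLOSE.search(html, m.end())
        body = html[m.end():close.start() if close else len(html)]
        anomalies = scan_css(body)
        if close is None:
            anomalies.add("unclosed-style-element")
        if anomalies:
            results.append((m.start(), sorted(anomalies)))
        pos = close.end() if close else len(html)
    return results

# Constructed samples: the advisory's string and an ordinary stylesheet.
ADVISORY = "<STYLE>@;/*"
BENIGN = "<html><head><style>@media print { body { color: #000 } } /* ok */</style></head></html>"

if __name__ == "__main__":
    for name, doc in (("advisory", ADVISORY), ("benign", BENIGN)):
        print(name, scan_html(doc))
```

A hit on any single trait is common in sloppy but harmless markup, so a filter would normally alert only when the empty at-keyword and the unterminated comment appear in the same block.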

VENDOR STATUS
=============
This would most likely be a small problem to Microsoft and we decided
not to report it. Internet Explorer still has quite a few serious
unpatched security holes in it, and we don't think this one deserves
Microsoft's attention. In the meantime, perhaps using a different
browser to surf the web is in order.

CONTACT
=======

phuong at ecqurity .com
david at ecqurity .com
http://www.ecqurity.com



