Internet Explorer Large Text File Denial of Service
http://www.kurczaba.com/securityadv...407111.htm
Vulnerability ID Number: 0407111
Overview:
A Denial of Service (DoS) vulnerability has been found in Microsoft
Internet Explorer.
Vendor: Microsoft (http://www.microsoft.com)
Affected Systems/Configuration:
This test was done on a Windows XP Professional machine, with the
latest version of Internet Explorer (6.0.2800.1106.xpsp2.030422-1633).
All Microsoft security patches (hotfixes) and service packs are
installed.
Vulnerability/Exploit:
It is possible to crash Internet Explorer by browsing a specially
crafted, large text file. The one I used to test was 4 megabytes and
contained all "1"s. After about ten seconds, Internet Explorer will
stop responding.
Workaround:
None. Program must be terminated by Task Manager.
Proof of Concept:
http://www.kurczaba.com/securityadv...111poc.txt
Date Discovered: July 6, 2004
Severity: Medium
Credit:
Paul Kurczaba
Kurczaba Associates
Discussion of this vulnerability can be found at:
http://forums.kurczaba.com/forum_topics.asp?FID
Before trying it (the Proof of Concept), save whatever you have.
Worthy of Filtering (Global Kill-File):
tella llop, jm (N.B. 2003.10.25)
«I prefer to annoy with the truth than to please with flattery (Lucio Anneo Seneca)»