Computer Security - Microsoft Internet Explorer Frameset Denial of Service Vulnerability

06-07-2006, 12:09 AM

Microsoft Internet Explorer Frameset Denial of Service Vulnerability

"Microsoft Internet Explorer is affected by a denial-of-service
vulnerability. This issue arises because the application fails to handle
exceptional conditions in a proper manner.

An attacker may exploit this issue by enticing a user to visit a malicious
site and then to click anywhere on the page. This results in a
denial-of-service condition in the application.

Internet Explorer version 6 is vulnerable to this issue; earlier versions
may also be affected."

http://www.securityfocus.com/bid/18277/discuss

-- Imhotep

imhotep

06-07-2006, 12:54 AM

imhotep wrote:

> http://www.securityfocus.com/bid/18277/discuss

Frame-set where a frame tries to resize itself crashes IE.

[X] Tell news.

Sebastian Gottschalk

06-07-2006, 01:59 AM

Sebastian Gottschalk wrote:

> imhotep wrote:
>
>> http://www.securityfocus.com/bid/18277/discuss
>
> Frame-set where a frame tries to resize itself crashes IE.
>
> [X] Tell news.

....wait a month and it will be a buffer overun vulnerability!

Im

imhotep

06-07-2006, 03:41 AM

imhotep wrote:

>> Frame-set where a frame tries to resize itself crashes IE.
>>
>> [X] Tell news.
>
> ....wait a month and it will be a buffer overun vulnerability!

Pretty unlikely that this could turn out as such.

Sebastian Gottschalk

06-07-2006, 04:46 AM

Sebastian Gottschalk wrote:

> imhotep wrote:
>
>>> Frame-set where a frame tries to resize itself crashes IE.
>>>
>>> [X] Tell news.
>>
>> ....wait a month and it will be a buffer overun vulnerability!
>
> Pretty unlikely that this could turn out as such.

....and why do you say this?

-- Imhotep

imhotep

06-07-2006, 05:10 AM

imhotep wrote:
> Sebastian Gottschalk wrote:
>
>> imhotep wrote:
>>
>>>> Frame-set where a frame tries to resize itself crashes IE.
>>>>
>>>> [X] Tell news.
>>> ....wait a month and it will be a buffer overun vulnerability!
>> Pretty unlikely that this could turn out as such.
>
> ....and why do you say this?

Would you please take a close look on the exploit? And maybe at the
relevant part of the source code? It's a simple assertation error.

Sebastian Gottschalk

06-07-2006, 06:31 AM

Sebastian Gottschalk wrote:

> imhotep wrote:
>> Sebastian Gottschalk wrote:
>>
>>> imhotep wrote:
>>>
>>>>> Frame-set where a frame tries to resize itself crashes IE.
>>>>>
>>>>> [X] Tell news.
>>>> ....wait a month and it will be a buffer overun vulnerability!
>>> Pretty unlikely that this could turn out as such.
>>
>> ....and why do you say this?
>
> Would you please take a close look on the exploit? And maybe at the
> relevant part of the source code? It's a simple assertation error.

....I don't doubt it. I am saying what else can be done with it? Put on
your ""creative hat"....most coding errors can be expolited...

Im

imhotep

06-07-2006, 12:54 AM	#2
Sebastian Gottschalk Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability imhotep wrote: > http://www.securityfocus.com/bid/18277/discuss Frame-set where a frame tries to resize itself crashes IE. [X] Tell news. Sebastian Gottschalk

06-07-2006, 01:59 AM	#3
imhotep Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability Sebastian Gottschalk wrote: > imhotep wrote: > >> http://www.securityfocus.com/bid/18277/discuss > > Frame-set where a frame tries to resize itself crashes IE. > > [X] Tell news. ....wait a month and it will be a buffer overun vulnerability! Im imhotep

06-07-2006, 03:41 AM	#4
Sebastian Gottschalk Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability imhotep wrote: >> Frame-set where a frame tries to resize itself crashes IE. >> >> [X] Tell news. > > ....wait a month and it will be a buffer overun vulnerability! Pretty unlikely that this could turn out as such. Sebastian Gottschalk

06-07-2006, 04:46 AM	#5
imhotep Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability Sebastian Gottschalk wrote: > imhotep wrote: > >>> Frame-set where a frame tries to resize itself crashes IE. >>> >>> [X] Tell news. >> >> ....wait a month and it will be a buffer overun vulnerability! > > Pretty unlikely that this could turn out as such. ....and why do you say this? -- Imhotep imhotep

06-07-2006, 05:10 AM	#6
Sebastian Gottschalk Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability imhotep wrote: > Sebastian Gottschalk wrote: > >> imhotep wrote: >> >>>> Frame-set where a frame tries to resize itself crashes IE. >>>> >>>> [X] Tell news. >>> ....wait a month and it will be a buffer overun vulnerability! >> Pretty unlikely that this could turn out as such. > > ....and why do you say this? Would you please take a close look on the exploit? And maybe at the relevant part of the source code? It's a simple assertation error. Sebastian Gottschalk

06-07-2006, 12:09 AM	#1
	Microsoft Internet Explorer Frameset Denial of Service Vulnerability Microsoft Internet Explorer Frameset Denial of Service Vulnerability "Microsoft Internet Explorer is affected by a denial-of-service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. An attacker may exploit this issue by enticing a user to visit a malicious site and then to click anywhere on the page. This results in a denial-of-service condition in the application. Internet Explorer version 6 is vulnerable to this issue; earlier versions may also be affected." http://www.securityfocus.com/bid/18277/discuss -- Imhotep imhotep

06-07-2006, 06:31 AM	#7
imhotep Posts: n/a	Re: Microsoft Internet Explorer Frameset Denial of Service Vulnerability Sebastian Gottschalk wrote: > imhotep wrote: >> Sebastian Gottschalk wrote: >> >>> imhotep wrote: >>> >>>>> Frame-set where a frame tries to resize itself crashes IE. >>>>> >>>>> [X] Tell news. >>>> ....wait a month and it will be a buffer overun vulnerability! >>> Pretty unlikely that this could turn out as such. >> >> ....and why do you say this? > > Would you please take a close look on the exploit? And maybe at the > relevant part of the source code? It's a simple assertation error. ....I don't doubt it. I am saying what else can be done with it? Put on your ""creative hat"....most coding errors can be expolited... Im imhotep

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Computer Security	aldrich.chappel.com.use@gmail.com	A+ Certification	0	11-27-2007 02:11 AM
OT: Certifications... Worth it?	Michael D. Alligood	MCTS	12	04-10-2007 10:16 PM
OT: Certifications... Worth it?	Michael D. Alligood	MCITP	12	04-10-2007 10:16 PM
Re: Microsoft Internet Explorer	Jason Peavey	A+ Certification	0	11-03-2005 08:03 PM
Re: Microsoft Internet Explorer	Atxa	A+ Certification	0	11-01-2005 05:09 PM