This appears to be a Java VM issue plus a little MS bonus. Very interesting that even with Java DISABLED - IE still hangs! Netscape runs fine with Java DISABLED - dies quickly with it enabled. NT Version 4.0 (Build 1381: Service Pack 6) IE Version 5.50 (Build 4807.2300) Updates SP2; Q306121; MS JAVA VM 5.0.3802.0 Netscape 4.73 w/ Netscape Java Interpreter 4.73.0.5 (jrt3240.dll) CPU 1 GenuineIntel x86 Family 6 Model 8 Stepping 6 ~993 Mhz CPU 2 GenuineIntel x86 Family 6 Model 8 Stepping 6 ~993 Mhz Total Physical Memory 1047596 KB Available Physical Memory 16016 KB Page File Usage 0% Total Virtual Memory 2097024 KB Netscape 4.73 (w/java & javascript DE-ACTIVATED): Page Loads form in ~5 seconds; empty text entry box -- no issue Netscape 4.73 (w/java & javascript ACTIVE): Page load form in ~ 5 sec then takes 100% of 1 CPU (CFD running on other) then DR Watsons in about 15 seconds with Error Access violation (0xc0000005) IE 5.5.4807.2300 (Internet Zone: Java DISABLED) No form loads - indicates opening secondary page On secondary Page load (www.teknix.vwe.net) takes 100% of idle CPU Spun wheels for 10 minutes -- until killed IE 5.5.4807.2300 (Internet Zone: Java High Security) No form loads - indicates opening secondary page On secondary Page load takes 100% of idle CPU Spun wheels for 10 minutes -- until killed IE 5.5.4807.2300 (Internet Zone: Java Low Security) No form loads - indicates opening secondary page On secondary Page load takes 100% of idle CPU Spun wheels for 10 minutes -- until killed > -----Original Message----- > From: Wodahs Latigid [mailto:wodahs@mail.com] > Sent: Thursday, December 06, 2001 5:16 AM > To: bugtraq@securityfocus.com; vuln-dev@securityfocus.com > Subject: Another IE denial of service attack > > > Hi, > > While we're on the subject of Internet Explorer DoS attacks, > heres one that I found a while back. On a P800 with 512mb RAM, > it causes 100% CPU utilisation and hangs Internet Explorer > until it is killed. This is more of an annoyance than anything. > > This has been tested with IE version 4 on Windows NT, versions > 5.5 and 5.5sp2 on Windows 95, and version 5.00 on Windows 2000 > with the same results. > > You can find the test page at: > http://www.ministryofpeace.co.uk/iehang.html > > The problem seems to occur when continuously updating a > simple form text box over and over. I have also found that > pasting a large amount of any letter into such a text box > will eventually crash IE - can anyone verify this? > > > Teknix > http://www.ministryofpeace.co.uk/ > > > > > > > > > > > > > > > > > > > -- > > _______________________________________________ > > Sign-up for your own FREE Personalized E-mail at Mail.com > > http://www.mail.com/?sr=signup > > > > > > 1 cent a minute calls anywhere in the U.S.! > > > > http://www.getpennytalk.com/cgi-bin/adforward.cgi?p_key=RG9853 KJ&url=http://www.getpennytalk.com
