Safari 1.0 Beta 2 (v73)
PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE
3249 Safari 94.2% 0:07.20 4 108 288 5.40M 23.1M 14.7M 130M
On Tuesday, April 29, 2003, at 11:23 AM, ERRor wrote:
Hello, Bugtraq.
Malicious htm file can freeze IE with 100% CPU usage: Construct the file freeze.htm: c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm
After opening freeze.htm IE will hang with 100% CPU usage until IEXPLORE.EXE
process is not killed. Two bytes (0xff 0xfe) at the beginning of the file
mean that
the encoding is unicode. So the internal unicode representation of the CR LF
sequence
will look like 0D0A0D0A but not 000D000A (if the file was a plain ASCII).
Tested on IE 6.0 with all fixes, i think other versions also vulnerable.
Best Regards, ERRor, dHtm. P.S. greets to .einstein. and dHtm
