I don't think this flaw is exploitable.In MSIE, any loop can lead to exception.Just like:
<IFRAME SRC=?>
save it as a html file, open it in IE, in about 30 seconds, it will cause a stack_overflow exception and exit. Because IE will not stop allocating stack buffer, until there is not enough stack space.
= = = = = = = = = = = = = = = = = = = =
>Hi all,
>
>Another flaw in IE:
>
><HTML>
> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
></HTML>
>
>Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow.
>
>Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html
>
>Cheers,
>SkyLined
>http://www.edup.tudelft.nl/~bjwever
>
>PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...
>PS2. Recursive function call will cause stack overflow causing write exception in guard page on a push, no control over registers.
= = = = = = = = = = = = = = = = = = = =
Cheers,
isno
isno@xxxxxxxxxx
2004-11-26
