Re: [Full-Disclosure] IE6 - Crash via DOS device

[|reduced|minus|none| <p00p@instable.net>]

morning_wood wrote:
> Oct 30, 2003
> Donnie Werner
> morning_wood@exploitlabs.com
>
> I thought these bugs in Internet Explorer 6 had been fixed...
>
> all of these make use of a local call to a
> legacy DOS device, example
> ( file:///AUX ) as a link, called in an iframe ( XSS ) or used as an IMG
> tag.
> I tested,  "CON", "PRN", "AUX", "COMx", "LPTx", "CLOCK$" and "NUL"
> only AUX and COM1 caused a lockup of Internet Explorer 6
>
> do these links crash your browser?
> 1. http://exploitlabs.com/files/notices/AUXcrash.html <--- click for links
> to crash
> 2. http://exploitlabs.com/files/notices/AUX-iframe.html <-- click this link
> to crash
> 3. http://exploitlabs.com/files/notices/AUX-img.html <-- click this link to
> crash
>
> note: these can be embeded via Cross Site Scripting ( XSS ) to deny service
> to a website to those clients trying to connect via affected versions of IE6
>
> Donnie Werner
> http://exploit.labs.com
> morning_wood@exploitlabs.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

none of them worked for me...
version 6.0.2800.1106.xpsp2.030422-1633
windows xp corp. with sp1
--
p00p@instable.net
AIM: l4m3n00b
MSN: l4m3n00b@hotmail.com
http://www.instable.net
GnuPG Public Key: http://www.instable.net/pubkey.asc
"The only sovereign you can allow to rule you is reason." - Wizard's 
Sixth Rule, "Faith of the Fallen" by Terry Goodkind



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html