Re: Revisited Internet Explorer 6 DoS Bug

["Eric N. Valor" <ericv () cruzio com>]

I tried with my W2K box and Netscape 7.02, IE 5.0, and Mozilla1.2.1 and did 
not freeze with either.  I'm using W2K-SP2 and have devices attached to both 
COM1 and COM2.

> From: "Peter Kruse" <kruse () krusesecurity dk>
>
> Hi all,
>
> The problem is surely related to the serial communication ports. It can
> also, besides from the AUX call, be reproduced with a file:///c:/com1 or
> file:///c:/com2 and so on ;-)
>
> It´s possible to remotely DoS a browser this way. I´ve recieved several
> reports, that this issue affects many other browsers, and can cause
> Mcirosoft Windows to completely crash.  
>
> I have put up a new testpage using a simple: <img src=file:///c:/com1>
> at:
> http://www.krusesecurity.dk/com1_dos.htm
>
> [Don´t go there unless you really want to!]
>
> This attack can also be conducted with HTML based e-mails.


-- 
Eric N. Valor
ericv () cruzio com
PGP Key 2048/1024 227B04CB
Key Fingerprint = 766C CA15 0FFF E54B 2FEE  C7D7 0F87 3AFB 227B 04CB

: This Space Intentionally Left Blank :
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html