[23421] in bugtraq
RE: Another IE denial of service attack
daemon@ATHENA.MIT.EDU (Timothy Luce)
Thu Dec 6 23:05:52 2001
Reply-To: <tluce@PTI-Pump.com>
From: "Timothy Luce" <tluce@PTI-Pump.com>
To: "'Wodahs Latigid'" <wodahs@mail.com>
Cc: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>
Date: Thu, 6 Dec 2001 12:48:41 -0500
Message-ID: <000d01c17e7e$3edf86a0$14020a0a@PTIPump.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20011206101628.85627.qmail@mail.com>
This appears to be a Java VM issue plus a little MS bonus.
Very interesting that even with Java DISABLED - IE still hangs!
Netscape runs fine with Java DISABLED - dies quickly with it enabled.
NT Version 4.0 (Build 1381: Service Pack 6)
IE Version 5.50 (Build 4807.2300) Updates SP2; Q306121;
MS JAVA VM 5.0.3802.0
Netscape 4.73 w/ Netscape Java Interpreter 4.73.0.5 (jrt3240.dll)
CPU 1 GenuineIntel x86 Family 6 Model 8 Stepping 6 ~993 Mhz
CPU 2 GenuineIntel x86 Family 6 Model 8 Stepping 6 ~993 Mhz
Total Physical Memory 1047596 KB
Available Physical Memory 16016 KB
Page File Usage 0%
Total Virtual Memory 2097024 KB
Netscape 4.73 (w/java & javascript DE-ACTIVATED):
Page Loads form in ~5 seconds; empty text entry box -- no issue
Netscape 4.73 (w/java & javascript ACTIVE):
Page load form in ~ 5 sec then takes 100% of 1 CPU (CFD running on other)
then
DR Watsons in about 15 seconds with Error
Access violation (0xc0000005)
IE 5.5.4807.2300 (Internet Zone: Java DISABLED)
No form loads - indicates opening secondary page
On secondary Page load (www.teknix.vwe.net) takes 100% of idle CPU
Spun wheels for 10 minutes -- until killed
IE 5.5.4807.2300 (Internet Zone: Java High Security)
No form loads - indicates opening secondary page
On secondary Page load takes 100% of idle CPU
Spun wheels for 10 minutes -- until killed
IE 5.5.4807.2300 (Internet Zone: Java Low Security)
No form loads - indicates opening secondary page
On secondary Page load takes 100% of idle CPU
Spun wheels for 10 minutes -- until killed
> -----Original Message-----
> From: Wodahs Latigid [mailto:wodahs@mail.com]
> Sent: Thursday, December 06, 2001 5:16 AM
> To: bugtraq@securityfocus.com; vuln-dev@securityfocus.com
> Subject: Another IE denial of service attack
>
>
> Hi,
>
> While we're on the subject of Internet Explorer DoS attacks,
> heres one that I found a while back. On a P800 with 512mb RAM,
> it causes 100% CPU utilisation and hangs Internet Explorer
> until it is killed. This is more of an annoyance than anything.
>
> This has been tested with IE version 4 on Windows NT, versions
> 5.5 and 5.5sp2 on Windows 95, and version 5.00 on Windows 2000
> with the same results.
>
> You can find the test page at:
> http://www.ministryofpeace.co.uk/iehang.html
>
> The problem seems to occur when continuously updating a
> simple form text box over and over. I have also found that
> pasting a large amount of any letter into such a text box
> will eventually crash IE - can anyone verify this?
>
>
> Teknix
> http://www.ministryofpeace.co.uk/
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> _______________________________________________
>
> Sign-up for your own FREE Personalized E-mail at Mail.com
>
> http://www.mail.com/?sr=signup
>
>
>
>
>
> 1 cent a minute calls anywhere in the U.S.!
>
>
>
> http://www.getpennytalk.com/cgi-bin/adforward.cgi?p_key=RG9853
KJ&url=http://www.getpennytalk.com
