Cute little hole in IE security

Kylere · Post by **Kylere** » July 27, 2004, 9:14 am

TITLE
=====

Memory Corruption Vulnerability

DESCRIPTION
===========

Internet Explorer is the flagship browser for the Microsoft Windows OS.

RESEARCHERS
===========

Phuong Nguyen -- phuong at ecqurity . com
David Coomber -- david at ecqurity . com

SUMMARY
=======

Vulnerable Systems:
* Internet Explorer versions 5.x up to SP3 inclusive
* Internet Explorer versions up to 6.1 SP1 inclusive

Immune Systems:
* Internet Explorer version 5 SP4

Tested Platforms:
* Windows 2k, Windows XP

Internet Explorer is vulnerable to numerous security holes, and this one is not that big of a deal, but worth
mentioning. This memory corruption vulnerability allows an attacker to DoS the application itself, no more no less.
An attacker can shutdown Internet Explorer with only 11 bytes.

DETAILS
=======

[Cascading Style Sheet(CSS) Memory Corruption]

There are 1001 ways that an attacker can use to hack, exploit, and crash IE but we believe this is one of the most
compact attacks ever, as an attacker needs only 11 bytes to crash IE. This vulnerability does not give the attacker the
ability to exploit and execute arbitrary code or cause any real damage to the victim, but rather it corrupts the memory space
allocated by IE.

There was a similar vulnerability which has been reported earlier, but this one is more compact.
IE seems to have problems handling Cascading Style Sheet (CSS) elements and therefore an attacker can easily crash IE by using
the following, imho, weird combinations of CSS elements:

<STYLE>@;/*

There you go, 11 bytes is all it takes to crash IE. Having <STYLE>@;/* alone is enough, other HTML tags are not necessary.
If you're too lazy to test this yourself, then we have conveniently created a demonstration page at:

http://www.ecqurity.com/adv/11.html

VENDOR STATUS
=============

This would most likely be small problem to Microsoft and we decided not to report it. Internet Explorer still has quite a few
serious unpatched security holes in it, and we don't think this one deserves Microsoft's attention. In the meantime, perhaps
using a different browser to surf the web is in order.

(data above from http://www.ecqurity.com/adv/IEstyle.html)

Spang · Post by **Spang** » July 27, 2004, 9:29 am

would one get a shitload of viruses if they were to click on any of the above links?

XunilTlatoani · Post by **XunilTlatoani** » July 27, 2004, 11:00 am

/gasp !!! someone found an insignificant bug in software!! stop the presses..

/sarcasm off

At best this belongs in the Computers forum...

Animalor · Post by **Animalor** » July 27, 2004, 11:21 am

You mean my broswer could crash if I go to a website wrote by *anonymous_scriptkiddie_01*?

OMG!!!!

Dregor Thule · Post by **Dregor Thule** » July 27, 2004, 12:13 pm

I think Kylere goes around painting scarlet IE's on peoples computers.

Post by **Sylvus** » July 27, 2004, 12:24 pm

this is such a non-issue.

This vulnerability does not give the attacker the ability to exploit and execute arbitrary code or cause any real damage to the victim, but rather it corrupts the memory space allocated by IE.

gg on trying to scare people though, i bet you're really engorged now!

noel · Post by **noel** » July 27, 2004, 12:50 pm

So wait, let me get this straight. A stylesheet, with text that no legitimate website would ever want to have running (last I checked the whole point of websites was for people to WANT to go to them), will crash my browser? Each and every time? GREAT! That's a spectacular way to keep me from going to that site over and over again.

Akaran_D · Post by **Akaran_D** » July 27, 2004, 12:55 pm

At best it would allow someone to link to a page proclaiming free porn, or something equally inane, and laugh at the clever victims that fall for it every time.

I'm not impressed.

I'll be more impressed when I can get some really fun CSS tricks to work in Firefox and whatnot that only work in IE, such as changing the scrollbar colors.

But that's the price you pay for being a non conformist..

Aslanna · Post by **Aslanna** » July 27, 2004, 1:22 pm

Internet Explorer is the flagship browser for the Microsoft Windows OS.

I learned something new!

Post by **Sylvus** » July 27, 2004, 2:51 pm

Just for shits and giggles, here are the vv stats:

<table border='1' cellpadding='5'><tr><td colspan='3' align='center'>April</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>5956174</td><td>95.7 %</td></tr><tr><td>Netscape</td><td>206435</td><td>3.3 %</td></tr><tr><td>Unknown </td><td>39731</td><td> 0.6 %</td></tr><tr><td>Opera</td><td>11208</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>6220</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>107</td><td> 0%</td></tr><tr><td colspan='3' align='center'>May</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>3977955</td><td>95 %</td></tr><tr><td>Netscape</td><td>157396</td><td>3.7 %</td></tr><tr><td>Unknown </td><td>38712</td><td> 0.9 %</td></tr><tr><td>Opera</td><td>6455</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>5228</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>580</td><td> 0%</td></tr><tr><td colspan='3' align='center'>June</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>3907484</td><td>94.7 %</td></tr><tr><td>Netscape</td><td>158104</td><td>3.8 %</td></tr><tr><td>Unknown </td><td>44859</td><td> 1 %</td></tr><tr><td>Opera</td><td>7312</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>6733</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>196</td><td> 0%</td></tr></table>

IE use is falling, it appears they're in danger of being overtaken!

Winnow · Post by **Winnow** » July 27, 2004, 3:15 pm

Sylvus wrote: IE use is falling, it appears they're in danger of being overtaken!

Total combined hits have taken a beating over the past 2 months. This may be directly related to the loss of VV points or lack of good flame wars. (or just summer boredom)

Should Veeshan Vault evolve to "A Gaming community" instead of "An Everquest Community"? All it would take is a quick sweep of some other mesage boards with some strategically placed flames to bring up the total hits count.

Jackass the Globe 2004 Campaign!

Post by **Sylvus** » July 27, 2004, 3:25 pm

No, I could have gone farther back and you'd see that April's increase in hits is a spike caused by FF and the pictures that came as a result.

Dregor Thule · Post by **Dregor Thule** » July 27, 2004, 3:36 pm

Keep in mind that 75% of those Unknowns are Kylere spam refreshing his threads.

Truant · Post by **Truant** » July 27, 2004, 3:38 pm

omg i was so scared I downloaded Avant as fast as I could.

Ransure · Post by **Ransure** » July 27, 2004, 4:42 pm

Damnit Tru, that was my response.....

Kilmoll the Sexy · Post by **Kilmoll the Sexy** » July 28, 2004, 6:14 pm

Sylvus wrote:Just for shits and giggles, here are the vv stats:

<table border='1' cellpadding='5'><tr><td colspan='3' align='center'>April</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>5956174</td><td>95.7 %</td></tr><tr><td>Netscape</td><td>206435</td><td>3.3 %</td></tr><tr><td>Unknown </td><td>39731</td><td> 0.6 %</td></tr><tr><td>Opera</td><td>11208</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>6220</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>107</td><td> 0%</td></tr><tr><td colspan='3' align='center'>May</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>3977955</td><td>95 %</td></tr><tr><td>Netscape</td><td>157396</td><td>3.7 %</td></tr><tr><td>Unknown </td><td>38712</td><td> 0.9 %</td></tr><tr><td>Opera</td><td>6455</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>5228</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>580</td><td> 0%</td></tr><tr><td colspan='3' align='center'>June</td></tr><tr><td>Browser</td><td>Hits</td><td>Percent</td></tr><tr><td>MS Internet Explorer</td><td>3907484</td><td>94.7 %</td></tr><tr><td>Netscape</td><td>158104</td><td>3.8 %</td></tr><tr><td>Unknown </td><td>44859</td><td> 1 %</td></tr><tr><td>Opera</td><td>7312</td><td> 0.1 %</td></tr><tr><td>Safari</td><td>6733</td><td> 0.1 %</td></tr><tr><td>Konqueror</td><td>196</td><td> 0%</td></tr></table>

IE use is falling, it appears they're in danger of being overtaken!

You notice Netscape use rising as the new breed of retards joined the board with their AOL and its blazing speeds.....

archeiron · Post by **archeiron** » July 28, 2004, 6:28 pm

Kilmoll the Sexy wrote:You notice Netscape use rising as the new breed of retards joined the board with their AOL and its blazing speeds.....

Wouldn't all Mozilla browsers (e.g. Firefox) be flagged as Netscape under that breakdown?

If you go to W3 Schools, you will see that Mozilla use in on the rise (up to 1/6 from 1/25 last year). http://www.w3schools.com/browsers/browsers_stats.asp

noel · Post by **noel** » July 28, 2004, 6:29 pm

Also, correct me if I'm wrong, but I believe the default browser for AOL is currently a version of Internet Explorer. Not being an AOL user myself, I'm not certain.

masteen · Post by **masteen** » July 29, 2004, 12:36 pm

VV gets 5 million hits a month?

Kilmoll the Sexy · Post by **Kilmoll the Sexy** » July 29, 2004, 12:48 pm

AOL bought Netscrape in 1999.

noel · Post by **noel** » July 29, 2004, 12:49 pm

But AOL's default browser is IE... Isn't that veird?

http://www.infotoday.com/newsbreaks/nb030804-1.shtml

AOL to Drop Netscape
by Sheri R. Lanza

--------------------------------------------------------------------------------
August 4, 2003 — What’s the one thing almost everyone agrees is a necessity? A good Web browser. On July 15, America Online announced its pledge of $2 million to the Mozilla Foundation, a new, independent, nonprofit organization that will continue to promote the development of the Mozilla Web browser. This announcement created quite a stir within the Internet community and heralded a change in the browser landscape.
AOL owns Netscape, the long-established and once leading browser. About the same time it announced the contribution to Mozilla, AOL laid off 10 percent of the Netscape staff (approximately 50 people). In addition, AOL recently signed a 7-year agreement with Microsoft to exclusively offer Microsoft Internet Explorer as its browser.

The rumor mill started soon after. Was Netscape on its way out? Speculation abounded, with the final (unofficial) consensus tolling Netscape’s death knell. Many were convinced that AOL would discontinue its support of Netscape and there would be no further releases or updates to the existing version.

AOL spokesperson Andrew Weinstein assured me that his company would continue to support Netscape. In spite of appearances, Netscape is part of AOL’s multibrand strategy. Weinstein said that the layoffs were part of an “ongoing strategy, matching employees with the company’s strategic priorities.” He also indicated that many of the former workers had already secured employment with the Mozilla Foundation. I was left with the impression that AOL was denying any plans to phase out Netscape.

If the Netscape browser disappeared, it could affect vendors in the information community who in the past have had to optimize their Web products for both Internet Explorer and Netscape—and multiple versions of each in many cases. For example, when Factiva phased out Dow Jones Interactive, the new product, Factiva.com, was optimized for Internet Explorer and not made compatible with Netscape.

If I remember correctly, the reason AOL bought Netscape was for their server technology, not their browser.

Kilmoll the Sexy · Post by **Kilmoll the Sexy** » July 29, 2004, 1:02 pm

If that isn't completely retarded. No wonder that worthless piece of shit company keeps cutting payroll for the Braves! They need it to waste on stupid shit.

noel · Post by **noel** » July 29, 2004, 1:09 pm

Consider this...

We're also talking about the company that develops AIM, and owns ICQ as well.