Microsoft Internet Explorer Can Consume All Memory Due to Malicious HTML Code
|
|
SecurityTracker Alert ID: 1001424 |
|
SecurityTracker URL: http://securitytracker.com/id/1001424
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 24 2001
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): IE 5.5 with SP1
|
Description:
A vulnerability has been reported in Microsoft's Internet Explorer web browser that allows a remote user to create malicious HTML that can cause another user's browser to consume all memory and potentially crash.
When the appropriate malicious code is presented to the web browser (either via a web page or via HTML-based e-mail), IE will display a security warning asking the user for confirmation. If the user answers "No" to the security query, an instance of the "word.application" object will be created. The code is reportedly not executed, however, memory is allocated for the object.
Some demonstration exploit code follows:
//---------cut here--------------------------
<HTML>
<SCRIPT LANGUAGE="VbScript">
On Error Resume Next
Dim a
Dim i
for i=1 to 100
Set a = CreateObject("Word.Application")
Next
</SCRIPT>
</HTML>
//---------end of cut------------------------
|
Impact:
A remote user could create a malicious web page or HTML-based e-mail such that, when the victim loads the HTML, the victim's IE browser consumes all available memory, resulting in a potential system crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
