BID:12565

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

Info

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

Bugtraq ID:	12565
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Feb 15 2005 12:00AM
Updated:	Feb 15 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to ViPeR <[email protected]>.
Vulnerable:	Microsoft Internet Explorer 6.0 SP1

Not Vulnerable:

Discussion

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

Microsoft Internet Explorer is reported prone to a remote denial of service vulnerability.

It is reported that the affected browser will crash when a malformed 'file:' URI is processed.

A remote attacker may exploit this vulnerability to crash the affected browser.

Exploit / POC

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

No exploit is required; an example is available at the following location:

http://crapware.lx.ro/junkcode/security/ie-sp1-file-a0-crash.htm

Solution / Fix

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Microsoft Internet Explorer Malformed File URI Denial of Service Vulnerability

References:

Technet Security (Microsoft)
IE6 SP1 - Click N Crash (ViPeR )