Multiple Malicious IMG Tags Denial of Service Vulnerability

vendor:

N/A

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2002

Multiple Malicious IMG Tags Denial of Service Vulnerability

Multiple malicious IMG tags containing a unique 'mailto:' link can cause a denial of service to users who view webpages they are embedded into. The browser will crash, and system resources may be exhausted enough to cause the entire machine to crash.

Mitigation:

Limit the number of IMG tags that can be embedded in a webpage.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3122/info

An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered.

Multiple malicious IMG tags may cause a denial of services to users who view webpages they are embedded into. Any medium which allows web users to embed a sufficient amount of HTML code that will be displayed to other users(forums, guestbooks, etc.) is a potential attack vehicle for a malicious user. Additionally, malicious webmasters may construct webpages which exploit this vulnerability.

The multiple malicious IMG tags will contain a unique 'mailto:' link, forcing the affected browser to open a corresponding number of e-mail compose windows. At the very least the browser will crash, but system resources may be exhausted enough to cause the entire machine to crash. 

Post 100+ IMG Tags, each with a unique 'mailto:' link.

<img src="mailto:johndoe1@example.com">
<img src="mailto:johndoe2@example.com">
etc.