Microsoft Internet Explorer “window()” Denial of Service Weakness

Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to cause a DoS (Denial of Service). The problem is caused by certain objects not being initialized correctly. This can be exploited to crash a vulnerable browser via specially crafted JavaScript code that is called directly when a site has been loaded.

NOTE: It is currently not believed that this issue can be exploited for code execution purposes, but this cannot be ruled out completely.

The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

Solution: Disable Active Scripting except for trusted sites.
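
One way to audit and apply this workaround for the current user, as an added example that is not part of the original advisory. It assumes the standard per-user zone settings key and the Active Scripting action value `1400`; the `-Apply` switch and the variable names are this example's own.

```powershell
# Added example (not from the advisory): report, and optionally disable, Active Scripting
# per security zone. Value "1400" is the Active Scripting action:
# 0 = enable, 1 = prompt, 3 = disable.
param([switch]$Apply)   # without -Apply the script only reports

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneName = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$state    = @{ 0 = 'enabled'; 1 = 'prompt'; 3 = 'disabled' }
$lockDown = 3, 4        # scripting is turned off here; Trusted sites (2) is left untouched

foreach ($zone in 1..4) {
    $path    = Join-Path $zonesKey $zone
    $current = (Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue).'1400'

    # Translate the raw DWORD into a readable state, tolerating missing or odd values.
    if ($null -eq $current)               { $label = 'not set' }
    elseif ($state.ContainsKey($current)) { $label = $state[$current] }
    else                                  { $label = "unknown ($current)" }

    # Only the Internet and Restricted sites zones are changed, and only on request.
    if ($Apply -and ($lockDown -contains $zone) -and ($current -ne 3)) {
        Set-ItemProperty -Path $path -Name '1400' -Value 3 -Type DWord
        $label += ' -> disabled'
    }

    '{0,-16} 1400 = {1}' -f $zoneName[$zone], $label
}
```

Sites that still need scripting are then added to the Trusted sites zone. Settings pushed by Group Policy take precedence over these per-user values, so a managed machine should be checked against its policy as well.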