|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Potential IE5 DoS bug?
From: John Toms (johntoms
HOME.COM)Date: Fri Mar 10 2000 - 23:53:55 CST
- Next message: Dag Nummedal: "FW: Network File Resource Vulnerability"
- Previous message: Steve: "Crash IE 5.0 Code"
- In reply to: MJE: "Potential IE5 DoS bug?"
- Reply: John Toms: "Re: Potential IE5 DoS bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mark,
I found that it also hung my ie5 as well. I am running WIN2K Pro (Release)
w/ ie5 (5.00.2920.0000) 128-bit. I have all the latest hotfixes installed as
of about two days ago.
In addition to causing the CPU to cycle unceasingly, it also caused my
memory usage to increase. I started ie5 and opened the page from my local
drive. Using task manager, I monitored the CPU usage, memory usage, and CPU
time usage. Prior to pushing the button, my memory usage for the
iexplorer.exe process was 6700K and it was 135120 K for the whole system.
(Thank god memory is relatively cheap nowadays:-).)
After pushing the button, I didn’t observe any CPU or memory changes until I
changed the focus to another open window and then back to ie5. At this
point, the CPU usage climbed to 99% and the memory usage also started
increasing. I let it run for 5 minutes and when I finally killed the
process, the process memory was at 8548K and the system memory was up to
136460K. Both were steadily increasing 4-12k every few seconds.
I actually tested this several times and as I stated before, it only hangs
for me when I change the focus and then change it back to ie5. However, in
response to your original query, yes Virginia, there is a Santa Claus.
John
-----Original Message-----
From: MJE [mailto:markNTSHOP.NET]
Sent: Friday, March 10, 2000 1:34 PM
To: win2ksecadviceLISTSERV.NTSECURITY.NET
Subject: Potential IE5 DoS bug?
I recv'd an interesting piece of code this week that alleges to crash IE 5.
I ran this code on a bare test system (NT 4.0 Wkstn with SP5 and patches)
and found that the code maximized CPU usage at 100%. CPU usage remained
max'd until I stopped the IEXPLORE.EXE process associated with the browser.
Browser version was 5.00.2314.1003 with 128-bit SSL installed
I sent this code to Microsoft, where the company promptly responded that
they cannot reproduce the problem. So I'm left to run tests in the field.
If you all could test this code and report your findings to me ONLY IF IT
ADVERSELY AFFECTS YOUR SYSTEM then I would truly appreciate it.
Thanks.
MJE - markntsecurity.net <mailto:markntsecurity.net>
_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
- Next message: Dag Nummedal: "FW: Network File Resource Vulnerability"
- Previous message: Steve: "Crash IE 5.0 Code"
- In reply to: MJE: "Potential IE5 DoS bug?"
- Reply: John Toms: "Re: Potential IE5 DoS bug?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]