Re: MSIE flaws: nested array sort() loop Stack overflow exception

I don't think this flaw is exploitable.In MSIE, any loop can lead to 
exception.Just like:

<IFRAME SRC=?>

save it as a html file, open it in IE, in about 30 seconds, it will cause a 
stack_overflow exception and exit. Because IE will not stop allocating stack 
buffer, until there is not enough stack space.  

= = = = = = = = = = = = = = = = = = = =

> Hi all,
>
> Another flaw in IE:
>
> <HTML>
>  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
>  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
> </HTML>
>
> Normally I would see if it's exploitable but I figure I'm not MS's pet bug 
> finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they 
> know their own product better then I do and can analyse the problem much 
> faster. So if you want to know the impact of this vulnerability, ask them: I'm 
> sure they will be more then willing to help you. I'm sure they will even reply 
> to this message with technical details and a patch tomorrow.
>
> Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_ie_flaws.html
>
> Cheers,
> SkyLined
> http://www.edup.tudelft.nl/~bjwever
>
> PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) 
> But more on that later...
> PS2. Recursive function call will cause stack overflow causing write exception 
> in guard page on a push, no control over registers.

= = = = = = = = = = = = = = = = = = = =
                        

                           Cheers, 
        isno
        isno@xfocus.org
          2004-11-26