Network Security VulnWatch

[VulnWatch] Microsoft Windows image rendering DoS vuln

Subject: [VulnWatch] Microsoft Windows image rendering DoS vuln
Date: Mon, 11 Apr 2005 16:59:37 -0400
Alpha-Pi-Omicron Pi-Alpha-Nu-Tau-Omicron-C?
Kappa-Alpha-Kappa-Omicron-Delta-Alpha-Iota-Mu-Omicron-Nu-Omicron-C?
__ ___ __ _____ _ _ ___ _ _
/ / /___\/ // _ / /\ /(_) __ _| |__ / __\___ _ _ _ __ ___(_) |
/ / // // / \// / / /_/ / |/ _` | '_ \ / / / _ \| | | | '_ \ / __| | |
/ /___/ \_// /___/ //\ / __ /| | (_| | | | | / /__| (_) | |_| | | | | (__| | |
\____/\___/\____/____/ \/ /_/ |_|\__, |_| |_| \____/\___/ \__,_|_| |_|\___|_|_|
|___/


Overview

There exists a vulnerability in the way Microsoft Windows handles the rendering
of images. By resizing an image with HTML properties to an extremely large size, an
attacker may perform a very quick and effective denial of service attack upon a
victim.



I. Description and PoC

Only clients running Internet Explorer, Firefox, or Avant in Windows 2k or XP have
been confirmed to be vulnerable. Opera does its own image rendering and is not
vulnerable to this method of attack. The status of Longhorn is not known. Other
operating systems, including Mac OS X and Linux, are not vulnerable.


You may point your browser to this URL to see a live demonstration of this attack:

http://www.livejournal.com/users/deeplolz

This may cause an instant reboot or bluescreen detailing a problem with your video
drivers. Other possibilities include an extended period of poor performance until
next reboot, a short to medium period of nonfunctionality or a crash of the
browser.



II. Impact

Because this attack can be performed anywhere an img src is allowed, there are
many forums, including blogs, messageboards, and others, which are vulnerable. It
is hoped that Microsoft will release a patch for this attack as soon as
possible.



III. Solution

Until a patch is released, you are advised to use the Opera web browser. It might
also be possible to write a script for the Firefox "GreaseMonkey" extension which
performs a workaround for this attack, such as setting the height and width of images
to 5000 pixels if they are currently set to render at over 5000.



Very special shouts: Girlvinyl, Hepkitten, Confkids, and Frienditto (Come back!!!
We need you badly, FD!)


Shouts:
LJD, LJ-Zeera, Encyclopedia Dramatica, Lulz News Network, Project Mayhem, Amalea,
Wednesday Night Karate Explosion, The Gundanium Alloys Manufacturers Association,
Richmond Flash Mob Society, RVA_BS, RVA_FYAD, Brad Fitzpatrick, Mena Trott, SALJ,
The International Department of Internet Security, #telconinjas, undernet #drugs,
The Kadaitcha Dancers, psychotic vegans, Warren Ellis, and pro-ana preteen girls.


  • [VulnWatch] Microsoft Windows image rendering DoS vuln, Andrew <=
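
The Greasemonkey workaround suggested in section III, as an added example that is not part of the original advisory: a userscript that caps image `width` and `height` set through HTML attributes or inline styles at 5000 pixels. The helper names `parsePx` and `clampImage` are hypothetical, and sizes imposed by stylesheet rules are not covered.

```javascript
// ==UserScript==
// @name     Clamp oversized image dimensions (added example)
// @include  *
// @run-at   document-start
// ==/UserScript==
const MAX_PX = 5000; // limit proposed in the advisory's Solution section

// Hypothetical helper: parse an HTML dimension attribute or inline CSS length.
// Returns pixels, or null for values this script leaves alone (%, em, auto).
function parsePx(value) {
  if (value === null || value === undefined) return null;
  const m = /^\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*$/i.exec(String(value));
  return m ? Number(m[1]) : null;
}

// Hypothetical helper: cap one <img>; returns true if anything was changed.
function clampImage(img) {
  let changed = false;
  for (const dim of ['width', 'height']) {
    const attr = parsePx(img.getAttribute(dim));
    if (attr !== null && attr > MAX_PX) {
      img.setAttribute(dim, String(MAX_PX));
      changed = true;
    }
    const css = parsePx(img.style[dim]);
    if (css !== null && css > MAX_PX) {
      img.style[dim] = MAX_PX + 'px';
      changed = true;
    }
  }
  return changed;
}

// Browser-only part: clamp images already present, then watch for later changes.
if (typeof document !== 'undefined') {
  const scan = (node) => {
    if (node.nodeType !== 1) return; // elements only
    if (node.tagName === 'IMG') clampImage(node);
    node.querySelectorAll('img').forEach(clampImage);
  };
  document.querySelectorAll('img').forEach(clampImage);
  new MutationObserver((records) => {
    for (const r of records) {
      if (r.type === 'attributes') scan(r.target);
      else r.addedNodes.forEach(scan);
    }
  }).observe(document, { childList: true, subtree: true,
    attributes: true, attributeFilter: ['width', 'height', 'style'] });
}
```

Forum and blog operators can apply the same cap server-side when sanitizing user-submitted `img` tags, which protects readers who do not run the userscript.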