Signature Detail

Short Name	HTTP:STC:IE:IE-IMG-INF-DOS
Severity	Low
Recommended	No
Category	HTTP
Keywords	ie dos
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Internet Explorer <IMG> Infinite Loop DoS

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer (IE). When IE attempts to create an image (img) with an invalid source (src), the onError event is triggered, which resets the src attribute to the same invalid src, creating an infinite loop (the onError event causes itself). Attackers can send a maliciously crafted URL containing an invalid image source to produce an infinite loop, causing the stack to overflow and creating a denial of service (DoS).

Extended Description

None

References

URL: http://www.securitytracker.com/alerts/2002/Apr/1004146.html
URL: http://www.securityfocus.com/archive/1/269241/2002-04-23/2002-04-29/0

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Internet Explorer <IMG> Infinite Loop DoS

Extended Description

References