These two scripts are dossing Microsoft Outlook, plus Firefox for free. The first one jams the screen with 1000 outlook screens by exploiting the "mailto: tag" in an iframe, making it impossible to work and click them away. The seconds jams the screen with outlook news:// screens which popup in pairs so fast that my PC wasn't able to continue. Solution: I gave windows the boot while 198 outlook instances where still in memory. Sorry these scripts are so bad I won't throw a PoC online, you can copy/paste it to try it out yourself. The coolest thing is that there is a lot of recursion that slips through Firefox, that's bad. Real bad. This could easily be exploited and possibly run shellcode on top of it through your system.I tested Outlook 6 + Outlook 2003, probably runs everywhere.
Firefox Outlook Remote Multiple Denial Of Service.
By secgeeks - Posted on June 12th, 2007
Tagged:
31
vote
Bookmark/Search this post with:
http://www.secgeeks.com/trackback/513
