-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple issues with windows XP. By John C. Hennessy Microsoft was notified 30 days ago as to these problems. Their response was that these were not security issues. (-Issue #1-) In internet explorer it is possible to use malicious html to cause denial of service. Example1 for Windows XP: view-source:file://c|/pagefile.sys This will cause notepad to open to pagefile.sys if it exists. Example2 for Windows XP: view-source:http://someip:chargen This will cause IE to continuously take up more and more memory as the server specified transmit a constant stream. (-Issue #2-) Using malicious html and scripting it is possible to DDoS a target. Example1 for Windows XP: By injecting the following into a webpage it you can generate a large ammount of data to a target host from visitors internet explorer sessions. [IMG src="javascript"for (i = 1; i <= 5000; i++) { window.location.replace ('file:////targetip/')};')"] The target will receive a large number connection attempts on port 80. If port 80 is open on the target IE will also attempt to initiate a WebDAV session for each request. Resulting in more traffic to the target. Another way to accomplish this is to use the same peice of javascript but use http://targetip: and increment port numbers with the loop. (-Issue #4-) It is possible to fill someone's outlook express client with "bogus" news server accounts Example1 for Windows XP: news://randomtext This will create a news account for "randomtext". This can be looped in java script and hiden in HTML tags. Modification to the javascript above can easily accomplish this. (-Issue #4-) It is possible to create malicious e-mail and force outlook express to open it. You'll need the following code to reproduce this (http://polaris.dawg.net/~johnh/microsoft/evilnews.c) Example1 for Windows XP: This basicly pretents to be an NNTP server and feeds an article to outlook when requested. Enter the following url into internet explorer. news://ipofthecode/evilness@thenewsstand This will spawn a received email window on the machine. - ------------------------------------------------------------------------------------------------ #&DocRev;3# -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBPbdpCQlqzZaeb3NpEQLPMACgnmVtRqv4YdJMBnvH77Tyvnked0cAoNxD SWa3AdB/RwOWot6bJnQWlga0 =elfD -----END PGP SIGNATURE-----