IE7 Beta 2 Preview Open to DoS Attack

By BetaNews Staff, BetaNews

February 1, 2006, 11:19 AM

Security researcher Tom Ferris says he has discovered a security vulnerability in the Beta 2 Preview release of Internet Explorer 7. The bug lies in the urlmon.dll file and causes the browser to crash when it encounters a URL with the "file://" protocol followed by a long string of dashes.

Ferris previously discovered security flaws in Firefox, IE6 and QuickTime. He notes that arbitrary code could be executed on a machine running Microsoft's newest beta browser, but his proof-of-concept code simply crashes the application. The issue has been reported to Microsoft and Ferris says it is only of medium severity.

45 Comments

By iamtux

posted Feb 2, 2006 - 10:23 AM

It crashed IE7preb2 for me, but I found it crashed no Gecko-based browsers, like Mozilla, Firefox, I even tried it with Flock. I was pleasantly surprised by this. I tried it on Linux too, with Konqueror, Epiphany, Moz. and FF.
But I don't think this is a true DoS attack, it's just a bug that causes a program to crash. Now, if you had a worm or virus that set that to IE's homepage, you might be able to keep a user who was none the wiser from using IE for a time. But I'm sure this will be easily plugged.

Score: 0

By ds0934

posted Feb 2, 2006 - 11:10 AM

I agree. This is being way overblown. It's good that the "flaw" was discovered and announced. MS will obviously fix it more quickly to avoid more bad press. However, it does not have the traditional characteristics of a Denial of Service attack. Denial of Browser maybe.

Score: 0

By tipsyboy

posted Feb 2, 2006 - 2:14 AM

This is not a DoS attack, as far as I am informed.

I hate that kind of "journalism". As soon as clouds are in the sky, they have the "Town threatened by storm" headline ... and should there be no storm it's "Town spared by storm."

Score: 0

By jshrk

edited Feb 2, 2006 - 5:30 AM

You're right, this is not a DoS exploit/attack at all. A DoS exploit would leave the user open to the web on a port which would allow if someone executes a correctly configured DoS attack on the port in which the browser was running in result causing the entire system to crash. This really has nothing to do with DoS, just your common web exploit, please do the research on articles before just posting them please BetaNews.

Score: 0

By rustik_one

edited Feb 1, 2006 - 8:43 PM

I tested the proof of concept code available from a link on Ferris' advisory page, and it brought down my copy of IE7b2 as promised. However, the workaround for this vulnerability was simple enough to figure out, even though I can't read or code HTML in the slightest. I'm surprised it wasn't listed in Ferris' advisory page as a workaround, but instead he simply plugs Firefox - a fine browser, but not exactly a true workaround. After all, even the most hardcore FF fan-boy might need to use Windows/Microsoft Update from time to time, and that's not happening without IE or the use of its core at the least.

From what I can tell, the code appears to be an exploit of the process by which a web page calls up a sound file for the purpose of playing some sort of sound or music while viewing the page. Quick fix: Disable the playing of sounds in web pages shown in IE7 (Tools > Internet Options > Advanced > un-check the box that reads "Play Sounds in Web Pages").

After applying this minor adjustment, his proof of concept page has no power over my IE, AND I am spared the cheesy and often obtrusive soundtracks of various other pages, at least until the next update to this beta gives me cause to re-enable web page sounds... if I decide I miss being annoyed.

Score: 0

By Michael_Powell

edited Feb 1, 2006 - 7:31 PM

Speaking of DoS Attacks, there's a toolbar called common name search - it has an AD-ware trojan in it. I did it once without knowing it had one - and I discovered that I had one, it disabled Norton Antivirus. It installed a directory that was undeletable, I had to use the full system restore to fix it.

Here's the link for more info about it:
http://www.doxdesk.com/parasite/CommonName.html

Warning note: never download the common name search toolbar.

Score: 0

By chriscollier

posted Feb 3, 2006 - 3:05 AM

hello 2002....

Score: 0

By sn1p34

edited Feb 1, 2006 - 6:17 PM

It's not fixed in 5299 :\

Score: 0

By DigitalSin

posted Feb 1, 2006 - 3:24 PM

How exactly is this a DoS attack?

Score: 0

By maniakmx3

posted Feb 1, 2006 - 4:06 PM

?????? Where?

Score: 0

By Paradise-FH-

posted Feb 1, 2006 - 3:45 PM

yeah, i have the same question. the only thing it's denying is the user with the browser ... that and it's only until they can restart the browser.

i must be missing something.

Score: 0

By The MAZZTer

posted Feb 1, 2006 - 3:14 PM

I've been looking at this article for five minutes and I still don't see the DoS attack.

Score: 0

By GeorgeSantayana

posted Feb 1, 2006 - 3:12 PM

Just leave it in beta forever. Works for Google.

Score: 0

By wincement

posted Feb 1, 2006 - 5:31 PM

Lol. That was funny.

Score: 0

By heat_fan1

posted Feb 1, 2006 - 4:40 PM

Haha! Then we can never justify complaining about bugs.

Score: 0

By Kramy

posted Feb 1, 2006 - 3:11 PM

People justify this with "it's beta", but a similar exploit was discovered months ago in Firefox (URL dash related - code execution), and tons of MS fanboys jumped on it.

Now granted, there's a higher % of MS fanboys due to MS's large userbase, but it still makes you think...

I would hope by the time Firefox reaches 3.0 most of its memory leaks and almost all its exploits will be filled. That way I can laugh at people that use Windows Explorer 9.0. :P

Score: 0

By wincement

posted Feb 1, 2006 - 5:33 PM

There's no way Windows Explorer 9.0 will be out by then. That will take until at least 2030. =p

Score: 0

By crashoverride

posted Feb 1, 2006 - 4:36 PM

People justify this with "it's beta",

Well ummm the Firefox fanboys justify Firefox's flaws by it being a relatively young browser.

Score: 0

By Metshrine

posted Feb 1, 2006 - 4:17 PM

Umm, there is no way every exploit could ever be patched because code is developed by humans, and humans are fallible by their very nature. So, does your comment have anything useful to add to the article aside from you adding a hit at your firefox browser? You complain about MS Fanboys, and you sit here and do the same thing they do on your firefox thread. A tad hypocritical if you ask me.

Score: 0

By frankwick

posted Feb 1, 2006 - 5:48 PM

Your reasoning that humans are fallible does not apply in this case. Humans (nor machines) can accurately predict the endless possible stream of exploits that other humans can conceive in the future.

This is the nature of software. Someone will find a weakness and the vendor will try to fix it before it becomes a huge problem. It will always be this way regardless of what platform, OS, program, applet, or whatever you use.

You would think that eventually ALL holes would be plugged, but that is not the case. Humans are creative. Where there is a will, we can find a way around anything.

Score: 0

By tipsyboy

posted Feb 2, 2006 - 2:07 AM

"Where there is a will, we can find a way around anything."

This may be true for YOU and your good will. This is NOT true, however, for all software and developers. Example: MS Windows finds its core code by absolute paths in the registry and will thus not run on a machine where the HD partitions have changed thus that the letter of the system partition has "vanished" to a lower letter - from "k:" to "i:" for example.

Why is that so?

They use relative paths for user directories. Why won't they use relative paths in case of starting the operating system?

Is there really a way around this hassle - or is it just ill will?

Score: 0

By frankwick

posted Feb 1, 2006 - 2:08 PM

I guess this is the reason for betas. Get it in the public, test it, crash it, hack it, whatever. Betas are intended for people who are not faint of heart. If you find something wrong, then you should report it. That is how software development works.

MS is known to fix many bugs and tighten the interface between the final preview and RTM. IE7 appears to be no different.

Score: 0

By RCS

posted Feb 2, 2006 - 9:13 AM

You are forgetting Office 2003, which went "gold" 2 days after the final beta was released.

Score: 0

By bourgeoisdude

posted Feb 1, 2006 - 1:59 PM

Well, it IS Beta. I'll cut them some slack.

Score: 0

By crashoverride

posted Feb 1, 2006 - 12:31 PM

Big deal, it's a beta. Betas have bugs, it's a fact of life.

In other news this idiot found a cure for cancer today.

Score: 0

By Metshrine

edited Feb 1, 2006 - 1:05 PM

In other news, the calculator program in windows was found to have a serious security vulnerability which caused it to lock up for long periods of time when multiplying 89027409234987235982735987e+102948291 by itself. This bug caused the system to grind to a halt and inevitably crash while the program calculated the result. Microsoft has been notified.

Score: 0

By PC_Tool

posted Feb 1, 2006 - 2:35 PM

Liar!

Works just fine for me. ;P

Score: 0

By wincement

posted Feb 1, 2006 - 5:34 PM

My computer blew up when I tried to do that. Now I'm sad. =(

Score: 0

By PC_Tool

posted Feb 2, 2006 - 10:14 AM

Posting via telepathy?

Score: 0

By wincement

posted Feb 2, 2006 - 10:29 AM

Nah, I'm using one of those crank-powered MIT laptops.

Score: 0

By PC_Tool

posted Feb 2, 2006 - 1:45 PM

roflmao...

Score: 0

By PC_Tool

posted Feb 1, 2006 - 11:45 AM

lmao...

We all knew it would happen. We all knew it'd be jumped on. Funny how people expect a Beta product to be invincible.

Score: 0

By ServerMechanic

posted Feb 1, 2006 - 1:48 PM

I think it's more like people like us who used Beta 1 6-8 months ago and expected things to be fixed in Beta 2 that still are not fixed. :)

Score: 0

By PC_Tool

posted Feb 1, 2006 - 2:34 PM

Huh...

So Beta 1 is okay to have mistakes, but Beta 2 should be "Gold" quality material, eh?

Riiiight. Please don't *ever* get into developing or marketing. If you get into developing, your co-workers will kill you; If you get into marketing, the programmers will kill you.

I'd just hate to lose your "Google is teh DEVIL!!!" posts. ;)

Score: 0

By jarg

posted Feb 1, 2006 - 2:49 PM

Google is evil, but they do have a good search engine.

Score: 0

By PC_Tool

posted Feb 1, 2006 - 3:41 PM

lmao..

Thanks.

Score: 0

By wincement

posted Feb 1, 2006 - 12:51 PM

Exactly

Score: 0

By heat_fan1

posted Feb 1, 2006 - 11:37 AM

Yeah, if crashing is all I have to worry about here, then nothing has really changed in my mind. This is still a pre-Beta 2 build, so crashing and the like should be expected. If it was a real security hole, while still somewhat expected considering its beta status, then I might be a little more worried.

Score: 0

By Vantorax

edited Feb 1, 2006 - 11:37 AM

It's a beta version, after all. Nothing to worry about. The purpose of a beta is to find bugs and fix them. A beta is expected to have some bugs. No biggie. There's no failure of Quality Assurance here.

Score: 0

By Metshrine

posted Feb 1, 2006 - 11:45 AM

Exactly, this is only bait to bring out the windows hating trolls so they can bad mouth MS some more. I am not an MS fanatic, but I do respect what they've done and the products they've made that are used by a very very large portion of the community.

Score: 0

By ZenWarrior

posted Feb 1, 2006 - 11:35 AM

Microsoft Quality Assurance: Deja vu, all over again.

Score: 0

By wincement

posted Feb 1, 2006 - 12:51 PM

It's a beta. People will get over it.

Score: 0

By Metshrine

posted Feb 1, 2006 - 11:28 AM

Bah, if all it does is crash a beta browser, I think I will go back to worrying about the numerous updates I have for my linux boxen every day :)

Score: 0

By Jale

edited Feb 18, 2006 - 10:14 AM

My entire system crashed, it is on a start up loop. It crashes when I get the xp window. This happened after I installed the beta ie7 and restarted. I have another hard drive hooked up now and the computer on whole is working fine.

Score: 0

By blondnc

edited May 10, 2006 - 11:33 PM

Mine is on start up loop too. Has no one fixed the problem yet? I'm due to format my computer soon but I don't have enough time in the next week and I want a short term fix it by then!

Score: 0