iPolicy Networks Security Advisory
 

Denial of Service Attack Attempt For Browser Applications

Date Discovered: 05/21/2010
Severity: Medium
Operating Systems Affected: All supported OS
Applications Affected:
Microsoft Internet Explorer version 6.0.2900.2180
Microsoft Internet Explorer version 8.0.7600.16385
Google Chrome version 1.0.154.48
Opera version 9.52
Mozilla Firefox version 3.6.2 and prior
Identifiers: CVE-2010-1991
Synopsis
Multiple browsers are prone to a denial-of-service attack that could fully consume the victim system's resources or possibly hang the system.
Recommended Actions
Update the antivirus and IDS/IPS signature definitions.
Threat Analysis
A denial-of-service condition exists in multiple browsers. The issue was identified by crafting a special web page and opening it in a vulnerable version of the browser.

A remote attacker can exploit this issue by sending the user a link to a malicious web page. Successful exploitation can lead to full CPU consumption and may freeze the system.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1991
http://www.securityfocus.com/archive/1/archive/1/511327/100/0/threaded

Write-up by: Vikrant