CSS formatting freezes MSIE 6.0

Denial of Service?

Yes, there is another security vulnerability in Microsoft's famous web browser Internet Explorer, version 6.0. This time no JavaScript hack or uncommon file format: a mere HTML page using CSS formatting is enough to trigger what seems to be an infinite loop in the CSS rendering engine, freezing the browser's window. You will have to kill the process with the task manager: at least, the positive side is that there is no remote code execution...

Proof of Concept

Check if your browser is vulnerable

(Warning: this may freeze your browser window)

What then?

I noticed this vulnerability on October 5th, 2006. As of November 29th, 2006, the vulnerability has not been corrected in IE 6.0, and Internet Explorer version 7.0, which is not affected by the problem, as been released through Windows Update as a high-priority update, and thus should be installed on every security-aware system. So it is likely that this vulnerability will never get corrected...

Copyright © 2006 Pierre Ynard
Feel free to address your comments to