https://www.exploit-db.com/exploits/21556
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-592

MicrosoftInternetExplorer5.5至6.0版本存在漏洞。远程攻击者可以借助带p{cssText}元素声明和加粗字体磅数的层叠样式表(CSS)导致服务拒绝（崩溃）。

source: http://www.securityfocus.com/bid/5027/info

A problem with Microsoft Internet Explorer may make it possible to deny service to users of the browser. The problem is in the handling of certain types of stylesheet input.

It may be possible to crash IE. When IE encounters a style sheet with the p{cssText} element declared, and a font weight of bold is specified, the browser crashes. This could be used as a denial of service attack.


<style>p{cssText: font-weight: bold;}</style>

来源:XF
名称:ie-css-bold-dos(9367)
链接:http://xforce.iss.net/xforce/xfdb/9367
来源:BID
名称:5027
链接:http://www.securityfocus.com/bid/5027