Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition.
Microsoft SDL Regex Fuzzer is a tool that helps test regular expressions for these potential vulnerabilities.
Supported operating systems:
- Windows 7
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Vista
- Windows XP
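The clause described at the top of this page, a repeated group that itself contains repetition, can also be flagged statically before a pattern is fuzzed. The sketch below is an added example, not part of SDL Regex Fuzzer or the original page; it assumes Python's internal regex parser (`re._parser` on 3.11+, `sre_parse` earlier), and the function names and sample patterns are constructed for illustration. It is a triage heuristic that can flag safe patterns and miss other exponential shapes, so flagged patterns still need testing.

```python
"""Static triage for the ReDoS shape: a repeated group that contains repetition."""
try:                                   # Python 3.11+
    from re import _parser as sre_parse
except ImportError:                    # older interpreters
    import sre_parse

REPEAT_OPS = (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT)  # greedy and lazy


def _bounds(lo, hi):
    """Report an unbounded maximum (*, +, {n,}) as None."""
    return (lo, None if hi == sre_parse.MAXREPEAT else hi)


def _subpatterns(av):
    """Yield every nested SubPattern inside an operator's argument."""
    if isinstance(av, sre_parse.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)


def nested_repeats(pattern):
    """Return (outer_bounds, inner_bounds) for each variable-length repeat
    that sits inside another repeat. Heuristic: expect false positives."""
    findings = []

    def walk(sub, enclosing):
        for op, av in sub:
            if op in REPEAT_OPS and av[1] > 1:
                lo, hi, body = av
                if enclosing is not None and lo != hi:
                    findings.append((enclosing, _bounds(lo, hi)))
                walk(body, _bounds(lo, hi))
            else:
                for child in _subpatterns(av):
                    walk(child, enclosing)

    walk(sre_parse.parse(pattern), None)
    return findings


# Constructed sample patterns, not taken from the page.
SAMPLES = [r"^(a+)+$", r"^(([a-z])+.)+[A-Z]([a-z])+$", r"^(\d{3})+$", r"^[a-z]+@[a-z]+\.com$"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:40} {'REVIEW' if nested_repeats(p) else 'ok'}")
```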