| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nonleft at gmx.net (nonleft) Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service? could you figure out if it is a webbug than or just a transgif for layout? kind regards nonleft At 17:36 02.09.2003 +0100, Tiago Halm wrote: >Paul has a point here, I believe! > >After a **lot** of html code "trimming" I came with an offline version of >the page like this: > >------------------------------------------------------ >2bd125.jpg >------------------------------------------------------- > >and this piece of code does crash my browser (6.0.2800.1106) >on windows 2000 server all patches and fixes up to date. > >NOTE: Every time you **want** the browser to crash, you must delete it from >the "Temporary Internet Files" before loading it in your browser. > >Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or >unrecognized image header". >Does this image, in some way, affects the way IE does the parsing? >Seems like it... > >Regards, >Tiago Halm > > >-----Original Message----- >From: full-disclosure-admin@...ts.netsys.com >[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann Paul >Sent: ter?a-feira, 2 de Setembro de 2003 16:20 >To: 'full-disclosure@...ts.netsys.com' >Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll >Denial of Service? > > >This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif >used within the page. If I block this URL the IE stops crashing with that >page. > >cu >Paul > > > > > Its a mail client issue; doesn't happen if you click on > > > a link from Internet Explorer. > > > > No, I am very sure that this happens also, if you follow the > > link inside > > a web page only (without an involving mail client). > > > > So go to http://www.counterpane.com/crypto-gram.html , scroll down and > > click the link that says "Holger Hasselbach has translated several > > issues of Crypto-Gram into German [...]". The error occurs as > > described in my original posting. > > > > > Your mail headers don't exactly give away your own mail client. > > > What would it be? > > > > Microsoft Outlook 2002 SP2 on Windows XP Professional > > > > Yours, > > > > Marc Ruef > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 8.0 > > > > iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK > > qtApctQA9L1W78qDsE4Puuvz > > =m0et > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 2bd125.jpg Type: image/jpeg Size: 633 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030902/4bbb96c0/2bd125.jpg
Powered by blists - more mailing lists