lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20040413132211.GA18639@33ad.org>
Date: Tue, 13 Apr 2004 08:22:11 -0500
From: jeremy@...d.org
To: Arman Nayyeri <arman-n@...eaker.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: Microsoft Internet Explorer BMP file memory DoS vulnerability

Quoting Arman Nayyeri (arman-n@...eaker.net):
> Microsoft Internet Explorer BMP file memory DoS vulnerability
> =============================================================
> Title:     Microsoft Internet Explorer BMP file memory DoS vulnerability
> Vuln Name: 58 bytes BMP vs 51,539,607,528 GB memory
> Date:      Sunday, April 11, 2004
> Software:  Internet Explorer v5.0-v6.0 
>            (i guess perior versions are vulnerable)
> Vendor:    Microsoft Corporation
> Patch:     N/A (Look at "Vendor Status" section)
> Author:    Arman Nayyeri, arman[at]4rman.com, http://www.4rman.com
> Severity:  Low

win2k, sp4.  IE 6.0.2800.1106, sp1.

no crash, just lots of memory used.

-- 
Jeremy Kelley <jeremy@...d.org>
     All plenty which is not my God is poverty to me. -Augustine


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ