From: steve.wray at paradise.net.nz (Steve Wray)
Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service?

It's a mail client issue; doesn't happen if you click on
a link from Internet Explorer.

Interestingly enough, the people who have responded with
positives so far appear to be Outlook or Outlook Express
users.

Your mail headers don't exactly give away your own mail client. 
What would it be?


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Marc Ruef
> Sent: Tuesday, 2 September 2003 7:12 p.m.
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] New Microsoft Internet Explorer 
> mshtml.dll Denial of Service?
> 
> 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dear List
> 
> I was looking for some sources that serve translations of 
> Bruce Schneier's well-known Crypto-Gram[1]. So I found on the 
> official page the hint, that there are some outdated Issues 
> in a German version available.
> 
> After clicking in the link that brings me to 
> http://www.galad.com/extras/cg/cg.htm , my Internet Explorer 
> 6.0.2800.1106 "encounters a problem and needs to close". 
> After a bit of debugging I could determine that the problem 
> must be existing in the library mshtml.dll.
> 
> I tried to do a small and dirty analysis of the problem. So I 
> fetched the whole page that encounters the error, but I 
> couldn't reproduce the program shutdown with the offline 
> version. It doesn't matter if I keep the original linking and 
> embedded pictures as a link to the original web source.
> 
> Then I deactivated the Internet Explorer's possibility of 
> showing pictures (Tools/Internet Options/Advanced/Show 
> pictures). And now the error message doesn't come again. So 
> it seems to me that one of the pictures produce the failure.
> 
> Again, I put all the graphics from the named page dedicated 
> into the affected web browser (e.g. 
> http://www.galad.com/frame/but0nr.gif ). But once more, I 
> couldn't reproduce the error. Perhaps it is an interaction 
> between HTML or JavaScript and a picture needed. It is very 
> interesting, that other sub pages (e.g. 
> http://www.galad.com/certify/mcse/mcse.htm ) or other 
> browsers (e.g. Netscape Communicator 4.x, 6.x, and 7.x) are 
> not affected.
> 
> Can somebody help me to figure out the real problem? Or is 
> this an old issue I can't recognize?
> 
> Sincerely,
> 
> Marc Ruef
> 
> [1] http://www.counterpane.com/crypto-gram.html
> 
> - -- 
> ) scip AG (
> Technoparkstr. 1
> 8005 Zürich
> T +41 1 445 18 18 
> F +41 1 445 18 19
> 
> maru@...p.ch
> www.scip.ch - Publizierung aktuellster IT-Sicherheitsluecken -
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
> 
> iQA/AwUBP1RC+Re5hzJzqVMhEQKmDQCeM66Q8w/UqQBIi5FurZ7HpE6dMKYAmwdG
> aNlONsKvfe2L9xezEjl2plJ3
> =C9az
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

