lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000001c37170$5cc9a2e0$0b0010ac@Casa>
From: thalm at netcabo.pt (Tiago Halm)
Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service?

Paul has a point here, I believe!

After a **lot** of html code "trimming" I came with an offline version of
the page like this:

------------------------------------------------------
<html>
<body>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
    <td><img src="http://www.galad.com/frame/e1x1.gif" width="1" height="1"
alt=""></td>
</tr>
</table>
</body>
</html>
-------------------------------------------------------

and this piece of code does crash my browser (6.0.2800.1106)
on windows 2000 server all patches and fixes up to date.

NOTE: Every time you **want** the browser to crash, you must delete it from
the "Temporary Internet Files" before loading it in your browser.

Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
unrecognized image header".
Does this image, in some way, affects the way IE does the parsing?
Seems like it...

Regards,
Tiago Halm


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann Paul
Sent: ter?a-feira, 2 de Setembro de 2003 16:20
To: 'full-disclosure@...ts.netsys.com'
Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
Denial of Service?


This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif
used within the page. If I block this URL the IE stops crashing with that
page.

cu
Paul 


> > Its a mail client issue; doesn't happen if you click on
> > a link from Internet Explorer.
> 
> No, I am very sure that this happens also, if you follow the
> link inside
> a web page only (without an involving mail client).
> 
> So go to http://www.counterpane.com/crypto-gram.html , scroll down and 
> click the link that says "Holger Hasselbach has translated several 
> issues of Crypto-Gram into German [...]". The error occurs as 
> described in my original posting.
> 
> > Your mail headers don't exactly give away your own mail client.
> > What would it be?
> 
> Microsoft Outlook 2002 SP2 on Windows XP Professional
> 
> Yours,
> 
> Marc Ruef
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
> 
> iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK
> qtApctQA9L1W78qDsE4Puuvz
> =m0et
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ