lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5.2.0.9.2.20030902201142.00b46cc0@pop.gmx.de>
From: nonleft at gmx.net (nonleft)
Subject: New Microsoft Internet Explorer
  mshtml.dll Denial of Service?

could you figure out if it is a webbug than or just a transgif for layout?

kind regards
nonleft


At 17:36 02.09.2003 +0100, Tiago Halm wrote:
>Paul has a point here, I believe!
>
>After a **lot** of html code "trimming" I came with an offline version of
>the page like this:
>
>------------------------------------------------------
>2bd125.jpg
>-------------------------------------------------------
>
>and this piece of code does crash my browser (6.0.2800.1106)
>on windows 2000 server all patches and fixes up to date.
>
>NOTE: Every time you **want** the browser to crash, you must delete it from
>the "Temporary Internet Files" before loading it in your browser.
>
>Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
>unrecognized image header".
>Does this image, in some way, affects the way IE does the parsing?
>Seems like it...
>
>Regards,
>Tiago Halm
>
>
>-----Original Message-----
>From: full-disclosure-admin@...ts.netsys.com
>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pellmann Paul
>Sent: ter?a-feira, 2 de Setembro de 2003 16:20
>To: 'full-disclosure@...ts.netsys.com'
>Subject: AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
>Denial of Service?
>
>
>This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif
>used within the page. If I block this URL the IE stops crashing with that
>page.
>
>cu
>Paul
>
>
> > > Its a mail client issue; doesn't happen if you click on
> > > a link from Internet Explorer.
> >
> > No, I am very sure that this happens also, if you follow the
> > link inside
> > a web page only (without an involving mail client).
> >
> > So go to http://www.counterpane.com/crypto-gram.html , scroll down and
> > click the link that says "Holger Hasselbach has translated several
> > issues of Crypto-Gram into German [...]". The error occurs as
> > described in my original posting.
> >
> > > Your mail headers don't exactly give away your own mail client.
> > > What would it be?
> >
> > Microsoft Outlook 2002 SP2 on Windows XP Professional
> >
> > Yours,
> >
> > Marc Ruef
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0
> >
> > iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK
> > qtApctQA9L1W78qDsE4Puuvz
> > =m0et
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2bd125.jpg
Type: image/jpeg
Size: 633 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030902/4bbb96c0/2bd125.jpg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ