| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000e01c3718f$137c2170$0201a8c0@cyber.god> From: steve.wray at paradise.net.nz (Steve Wray) Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service? So why is it that visiting the page directly from MSIE from html like this; <html> <head> </head> <body> <a href="http://www.galad.com/extras/cg/cg.htm">crash</a> </body> </html> I get no crash? But clicking through from outlook I do? Ie; clicking from outlook = crash clicking from IE = no crash clicking from outlook afterward = crash > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Tiago Halm > Sent: Wednesday, 3 September 2003 4:37 a.m. > To: 'Pellmann Paul'; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] New Microsoft Internet > Explorer mshtml.dll Denial of Service? > > > Paul has a point here, I believe! > > After a **lot** of html code "trimming" I came with an > offline version of > the page like this: > > ------------------------------------------------------ > <html> > <body> > <table border="0" cellspacing="0" cellpadding="0"> > <tr> > <td><img src="http://www.galad.com/frame/e1x1.gif" > width="1" height="1" > alt=""></td> > </tr> > </table> > </body> > </html> > ------------------------------------------------------- > > and this piece of code does crash my browser (6.0.2800.1106) > on windows 2000 server all patches and fixes up to date. > > NOTE: Every time you **want** the browser to crash, you must > delete it from > the "Temporary Internet Files" before loading it in your browser.
Powered by blists - more mailing lists