Message-ID: <411A25C2.9080007@ntlworld.com>
From: denis.mcmahon at ntlworld.com (Denis McMahon)
Subject: driver for display goes to a infinite loop by viewing a html!

Ferris, Robin wrote:

> Had to remotely kill IEXPLORE.EXE because PC basically started to
> freeze. Is this not because the picture was so big? It looked like a
> big black nothing to me anyways.

Here's the html for that page:

<html>
<p>Bipin Gautam</p>
<img width=9999999 height=9999999
src="crazy.jpg"
</html>
<!-- text below generated by server. PLEASE REMOVE 
--></object></layer></div></span></style></noscript></table></script></applet><script 
language="JavaScript" 
src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script 
language="JavaScript" 
src="http://geocities.com/js_source/geov2.js"></script><script 
language="javascript">geovisit();</script><noscript><img 
src="http://visit.webhosting.yahoo.com/visit.gif?us1092232234" 
alt="setstats" border="0" width="1" height="1"></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001067&t=1092232234" ALT=1 
WIDTH=1 HEIGHT=1>

Ignoring the rubbish after the closing tag:

<html>
<p>Bipin Gautam</p>
<img width=9999999 height=9999999
src="crazy.jpg"
</html>

No head element
No body element
img element is not terminated
img size parameters are stupidly large, especially as the image is a 203 
x 152 24 bpp jpg.

I imagine resizing a 203 x 152 image to a 9999999 x 9999999 display is 
part of the problem.

I imagine that mapping that display object size to the actual screen 
resolution might be another part of it.

I guess the totally malformed html may not be helping.

Servers that further break malformed documents can't be helping either.

Denis
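
Added example, not part of the message above: a Python check that a web or mail gateway could run to flag img tags whose declared width and height are out of proportion to anything a renderer should allocate, and that still inspects the unterminated tag in the posted markup. The limits MAX_DIMENSION and MAX_BITMAP_BYTES and the function names are assumptions chosen for illustration.

```python
import re

# Assumed policy limits (not from the post); tune for the renderer in use.
MAX_DIMENSION = 16_384                # largest declared width or height, px
MAX_BITMAP_BYTES = 256 * 1024 * 1024  # largest scaled bitmap to allow
BYTES_PER_PIXEL = 3                   # 24 bpp, like the JPEG in the post

# An <img tag runs to the next '>' or to end of input, so the unterminated
# tag from the post is still inspected instead of being skipped.
IMG_TAG = re.compile(r"<img\b([^>]*)", re.IGNORECASE)
# Numeric width/height, quoted or bare; a trailing % is captured so that
# percentage sizes are not mistaken for pixel counts.
DIM_ATTR = re.compile(
    r"""(?<![\w-])(width|height)\s*=\s*["']?\s*(\d+)(%?)""", re.IGNORECASE)


def declared_sizes(html):
    """Return one dict of pixel sizes per img tag; absent keys were not given."""
    sizes = []
    for tag in IMG_TAG.finditer(html):
        dims = {}
        for name, value, percent in DIM_ATTR.findall(tag.group(1)):
            if not percent:
                dims[name.lower()] = int(value)
        sizes.append(dims)
    return sizes


def audit(html):
    """Return (img index, reason) for each img with an unsafe declared size."""
    findings = []
    for index, dims in enumerate(declared_sizes(html)):
        too_long = sorted(n for n, px in dims.items() if px > MAX_DIMENSION)
        if too_long:
            findings.append((index, "over limit: " + ", ".join(too_long)))
        elif len(dims) == 2:
            # Python integers do not overflow, so this product is exact.
            size = dims["width"] * dims["height"] * BYTES_PER_PIXEL
            if size > MAX_BITMAP_BYTES:
                findings.append((index, f"scaled bitmap: {size} bytes"))
    return findings


# The markup quoted in the post, and a constructed benign tag for contrast.
POSTED = ('<html>\n<p>Bipin Gautam</p>\n<img width=9999999 height=9999999\n'
          'src="crazy.jpg"\n</html>')
BENIGN = '<img src="ok.jpg" width="203" height="152" alt="constructed">'

if __name__ == "__main__":
    print(audit(POSTED), audit(BENIGN))
```

The tag scan stops at the first '>' it meets, so an attribute value that itself contains '>' ends the inspected span early.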

