lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <42B56C6A683EBA4581C01CB49A914CA7DA1D01@MAILFAXSRV.gfimalta.com>
From: davidf at gfi.com (David Farinic)
Subject: Large picture wudth DoS on MS Internet Explorer/Outlook Express

You misunderstood original post IMHO
Your 4 y. old htmls don't crash my XP just hang before I kill IE (no
prob if not exploitable).
Originally posted html BSOD OS ok let me rephrase Blue Screened XP DEAD
caput which is huge difference.
For now it seems to me as video driver issue as it depends on video
driver  (Crash dump analysis -1 report was not about video driver but it
was probably just domino effect where shortage of resources cause crash
of another driver)



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 3APA3A
Sent: Thursday, August 12, 2004 4:44 PM
To: full-disclosure@...sys.com
Subject: [Full-Disclosure] Large picture wudth DoS on MS Internet
Explorer/Outlook Express


This issue was originaly reported in January, 2000

http://www.security.nnov.ru/2000/january/#IEIMAGE

And  was  reported  to  Microsoft. Microsoft didn't accepted this bug as
security related but promised to "file a bug report with IE team".

http://www.security.nnov.ru/2000/january/ie5img2.html

Message  to  Bugtraq  was  moderated  by  Aleph  One  as unimportant, so
publicly information was published one year later on vuln-dev.

http://cert.uni-stuttgart.de/archive/vuln-dev/2001/06/msg00094.html

and published as advisory

http://www.security.nnov.ru/advisories/ie5freeze.asp?l=RU

Nobody reacted.

Amount of buzz about it now makes me think Internet Explorer security is
now really better than it was 4 years ago :)



This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.

In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ