[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
- To: "'Tiago Halm'" <thalm@xxxxxxxxxx>, "'Pellmann Paul'" <pel@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
- From: "Steve Wray" <steve.wray@xxxxxxxxxxxxxxx>
- Date: Wed, 3 Sep 2003 08:16:21 +1200
So why is it that visiting the page directly from MSIE
from html like this;
<html>
<head>
</head>
<body>
<a href="http://www.galad.com/extras/cg/cg.htm";>crash</a>
</body>
</html>
I get no crash?
But clicking through from outlook I do?
Ie; clicking from outlook = crash
clicking from IE = no crash
clicking from outlook afterward = crash
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
> Tiago Halm
> Sent: Wednesday, 3 September 2003 4:37 a.m.
> To: 'Pellmann Paul'; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] New Microsoft Internet
> Explorer mshtml.dll Denial of Service?
>
>
> Paul has a point here, I believe!
>
> After a **lot** of html code "trimming" I came with an
> offline version of
> the page like this:
>
> ------------------------------------------------------
> <html>
> <body>
> <table border="0" cellspacing="0" cellpadding="0">
> <tr>
> <td><img src="http://www.galad.com/frame/e1x1.gif";
> width="1" height="1"
> alt=""></td>
> </tr>
> </table>
> </body>
> </html>
> -------------------------------------------------------
>
> and this piece of code does crash my browser (6.0.2800.1106)
> on windows 2000 server all patches and fixes up to date.
>
> NOTE: Every time you **want** the browser to crash, you must
> delete it from
> the "Temporary Internet Files" before loading it in your browser.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html