Re[2]: driver for display goes to a infinite loop by viewing a html!

[3APA3A <3APA3A () SECURITY NNOV RU>]

Dear bipin gautam,

Of  cause, I experimented and found maximal value for IE 5 (2999999). In
my  tests  result was different from freezing PC (on S3 and VooDoo cards
under  NT  4.0) to only freezing IE itself (probably some Intel cards on
Windows  9x),  but  I did my tests for only Windows NT and 95/98 (it was
early  2000).  I  did not large research, because 4 years ago ability to
crash  host  remotely  via  client application was never considered as a
security  bug  (even  DoS  attacks  against server applications were not
treated  seriously  and  only  Gunninski care about things like crossite
scripting, this term became widely used later).

Sorry,  I  never  meant  to  blame  you  in stealing this information or
something. It was good catch and it's very common situation same problem
is  rediscovered  after  few  years  (I  was  in this situation for many
times). I'm just curious about same bug still unpatched for over 4 years
and  how  different  reaction  was  now  and 4 years ago. It's a kind of
nostalgie.  I  bet  with  this  tendencies in 2010 most bugs reported on
security  lists  are  something like interface spoofing, ineffective CPU
and  memory  usage,  etc.  World  is  changing :) It's time to release a
couple  of advisories for things never treated seriously before to check
reaction.

--Thursday, August 12, 2004, 7:18:09 PM, you wrote to full-disclosure () lists netsys com:

bg> hello 3APA3A,


> > This problem is known for years.

> > http://seclists.org/lists/vuln-dev/2001/Jun/0102.html
> > http://www.security.nnov.ru/advisories/ie5freeze.asp?l=RU
> > http://www.security.nnov.ru/files/ie5hang-nojs.asp


bg> kinda coincidence but i doubt it... did you ever
bg> discussed/noticed the VGA thing???

bg> you just experimented it with a big resiged image,
bg> fine!!! well but if you use a image width with more
bg> than 7 char, the browser just ignores the
bg> file.......... and hay it didn't crashed my system
bg> with a image width of 99999999, but it crashed it with
bg> a image width of 9999999 [8 charecter or more]
bg> [i'ven't experimented with other digits!!!] but if you
bg> have image width below that... it just freezes the
bg> browser, mothing more!!! no system crashes, nothing
bg> (O; [as in your case!!!]

bg> ps: * SuSE 9 shows 100% CPU use, and the disk is very
bg> active. 

bg> * A person wrote me, his linux used 100% cpu and dead
bg> slow.


bg> best regards,
bg> bipin



        
                
bg> __________________________________
bg> Do you Yahoo!?
bg> New and Improved Yahoo! Mail - 100MB free storage!
bg> http://promotions.yahoo.com/new_mail 

bg> _______________________________________________
bg> Full-Disclosure - We believe in it.
bg> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
Но ведь кому угодно могут прийти в голову яйца, пятки и епископы. (Лем)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html