Full Disclosure mailing list archives

RE: Large picture wudth DoS on MS Internet Explorer/Outlook Express

From: "David Farinic" <davidf () gfi com>
Date: Fri, 13 Aug 2004 10:05:36 +0200


You misunderstood original post IMHO
Your 4 y. old htmls don't crash my XP just hang before I kill IE (no
prob if not exploitable).
Originally posted html BSOD OS ok let me rephrase Blue Screened XP DEAD
caput which is huge difference.
For now it seems to me as video driver issue as it depends on video
driver  (Crash dump analysis -1 report was not about video driver but it
was probably just domino effect where shortage of resources cause crash
of another driver)



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 3APA3A
Sent: Thursday, August 12, 2004 4:44 PM
To: full-disclosure () netsys com
Subject: [Full-disclosure] Large picture wudth DoS on MS Internet
Explorer/Outlook Express


This issue was originaly reported in January, 2000

http://www.security.nnov.ru/2000/january/#IEIMAGE

And  was  reported  to  Microsoft. Microsoft didn't accepted this bug as
security related but promised to "file a bug report with IE team".

http://www.security.nnov.ru/2000/january/ie5img2.html

Message  to  Bugtraq  was  moderated  by  Aleph  One  as unimportant, so
publicly information was published one year later on vuln-dev.

http://cert.uni-stuttgart.de/archive/vuln-dev/2001/06/msg00094.html

and published as advisory

http://www.security.nnov.ru/advisories/ie5freeze.asp?l=RU

Nobody reacted.

Amount of buzz about it now makes me think Internet Explorer security is
now really better than it was 4 years ago :)



This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.

In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit
http://www.gfi.com. This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Large picture wudth DoS on MS Internet Explorer/Outlook Express 3APA3A (Aug 12)
- Re: Large picture wudth DoS on MS Internet Explorer/Outlook Express bipin gautam (Aug 12)
- <Possible follow-ups>
- RE: Large picture wudth DoS on MS Internet Explorer/Outlook Express David Farinic (Aug 13)