Bugtraq mailing list archives
IE 5.-6 CSS parsing error
From: Dmitry Leonov <dl () bugtraq ru>
Date: Sat, 15 Jun 2002 15:46:40 +0400
Hello,
Two days ago I received report from Oleg A. Cheremisin regarding
CSS parsing problem in Internet Explorer.
Internet Explorer (versions 5,5.5/Windows'98 and 6.0/XP have been
tested) as well as software which uses IE engine for html pages
displaying (like Outlook Express) crashes while trying to parse
CSS table (internal or external) with element p{cssText: font-weight:
bold;}
Perhaps it was supposed that property cssText can be used only in
scripts. It seems that there is no buffer overflow, but this
vulnerability still can be used for DoS attacks.
Description:
http://www.bugtraq.ru/rsn/archive/2002/06/22.html
Demonstration:
http://www.bugtraq.ru/rsn/archive/2002/06/.keep/.msiecrash.html
--
Yours sincerely, mailto:dl () bugtraq ru
Dmitry Leonov http://www.bugtraq.ru
Current thread:
- IGMP denial of service vulnerability Krishna N. Ramachandran (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- IE 5.-6 CSS parsing error Dmitry Leonov (Jun 15)
- Re: IE 5.-6 CSS parsing error patpro (Jun 15)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- <Possible follow-ups>
- RE: IGMP denial of service vulnerability Nick Roffey (Jun 15)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 15)