Bugtraq mailing list archives
IE 5.-6 CSS parsing error
From: Dmitry Leonov <dl () bugtraq ru>
Date: Sat, 15 Jun 2002 15:46:40 +0400
Hello, Two days ago I received report from Oleg A. Cheremisin regarding CSS parsing problem in Internet Explorer. Internet Explorer (versions 5,5.5/Windows'98 and 6.0/XP have been tested) as well as software which uses IE engine for html pages displaying (like Outlook Express) crashes while trying to parse CSS table (internal or external) with element p{cssText: font-weight: bold;} Perhaps it was supposed that property cssText can be used only in scripts. It seems that there is no buffer overflow, but this vulnerability still can be used for DoS attacks. Description: http://www.bugtraq.ru/rsn/archive/2002/06/22.html Demonstration: http://www.bugtraq.ru/rsn/archive/2002/06/.keep/.msiecrash.html -- Yours sincerely, mailto:dl () bugtraq ru Dmitry Leonov http://www.bugtraq.ru
Current thread:
- IGMP denial of service vulnerability Krishna N. Ramachandran (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- IE 5.-6 CSS parsing error Dmitry Leonov (Jun 15)
- Re: IE 5.-6 CSS parsing error patpro (Jun 15)
- Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
- <Possible follow-ups>
- RE: IGMP denial of service vulnerability Nick Roffey (Jun 15)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 15)