Full Disclosure mailing list archives
Re: About Gif's
From: Karl-Heinz Kreis <khkreis () web de>
Date: Wed, 3 Sep 2003 20:25:39 +0200
Hello,

01 01 00 Length Datablock 1 ( should be 4 Byte ?? 'no wonder there's error)
( missing ? databytes and terminator (00) )
3b ; (GIF-Terminator)

ahhh... this looks very interesting. So the length of the datablock is mis-represented? What does that tell you?

I just altered that GIF file, by making that data block REALLY big:

00000000 47 49 46 38 39 61 01 00 01 00 80 00 GIF89a......
...
000001A4 41 41 41 41 41 41 41 41 41 41 00 3B AAAAAAAAAA.;

Now, when I double click on my new image file (evil.gif) it opens in IE, and crashes it reliably. In addition, my html file (derived from a previous post) which references this new .gif, also reliably crashes IE.

It appears this is an overflow. I haven't done any debugging yet, so I don't know if it is on the stack or not.

tim
Oh, just stuff data in should crash too, since datablocks have a 'count' as header.

caraciola
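A structural check for the count-prefixed data sub-blocks discussed in this message, added here as an example and not taken from the thread or from any product: it walks a GIF container and rejects a file whose sub-block count overruns the data or whose chain lacks the 00 terminator. The function names and both sample byte strings are constructed for illustration; the check covers container layout only, not LZW decoding, and assumes nothing about where the IE fault lies.

```python
class GifError(ValueError):
    """Raised when the container structure is inconsistent."""

def skip_color_table(data, pos, packed):
    # Bit 7 = table present; low 3 bits n give 2**(n+1) RGB entries.
    return pos + 3 * (2 << (packed & 7)) if packed & 0x80 else pos

def skip_sub_blocks(data, pos):
    """Walk count-prefixed sub-blocks; return the offset past the 00 terminator."""
    while True:
        if pos >= len(data):
            raise GifError("sub-block chain hits end of file without 00 terminator")
        count = data[pos]
        pos += 1
        if count == 0:
            return pos
        if pos + count > len(data):
            raise GifError(f"count {count} at offset {pos - 1:#x} exceeds "
                           f"the {len(data) - pos} bytes left")
        pos += count

def validate_gif(data):
    """Return the offset of the 3B trailer, or raise GifError."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifError("bad signature or truncated screen descriptor")
    pos = skip_color_table(data, 13, data[10])
    while pos < len(data):
        kind = data[pos]
        if kind == 0x3B:                      # trailer
            return pos
        if kind == 0x21:                      # extension: label, then sub-blocks
            pos = skip_sub_blocks(data, pos + 2)
        elif kind == 0x2C:                    # image descriptor (10 bytes)
            if pos + 10 > len(data):
                raise GifError("truncated image descriptor")
            pos = skip_color_table(data, pos + 10, data[pos + 9])
            pos = skip_sub_blocks(data, pos + 1)   # +1 skips LZW code size
        else:
            raise GifError(f"unknown block type {kind:#04x} at offset {pos:#x}")
    raise GifError("no 3B trailer found")

# Constructed samples: a 1x1 image, and the same file with an overstated count.
HEAD = (b"GIF89a" + bytes.fromhex("01000100800000") + bytes.fromhex("000000ffffff")
        + bytes.fromhex("2c000000000100010000") + b"\x02")
GOOD = HEAD + bytes.fromhex("024c01003b")
BAD = HEAD + bytes.fromhex("044c013b")    # count says 4, only 3 bytes remain

if __name__ == "__main__":
    print(validate_gif(GOOD))
    try:
        validate_gif(BAD)
    except GifError as err:
        print("rejected:", err)
```

Running a check like this before handing a file to an image decoder turns a mis-stated count into a clean rejection instead of leaving the decoder to trust it.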