Full Disclosure mailing list archives
RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
From: "Tiago Halm" <thalm () netcabo pt>
Date: Tue, 2 Sep 2003 17:36:30 +0100
Paul has a point here, I believe!
After a **lot** of html code "trimming" I came with an offline version of
the page like this:
------------------------------------------------------
<html>
<body>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="http://www.galad.com/frame/e1x1.gif"; width="1" height="1"
alt=""></td>
</tr>
</table>
</body>
</html>
-------------------------------------------------------
and this piece of code does crash my browser (6.0.2800.1106)
on windows 2000 server all patches and fixes up to date.
NOTE: Every time you **want** the browser to crash, you must delete it from
the "Temporary Internet Files" before loading it in your browser.
Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or
unrecognized image header".
Does this image, in some way, affects the way IE does the parsing?
Seems like it...
Regards,
Tiago Halm
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Pellmann Paul
Sent: terça-feira, 2 de Setembro de 2003 16:20
To: 'full-disclosure () lists netsys com'
Subject: AW: [Full-disclosure] New Microsoft Internet Explorer mshtml.dll
Denial of Service?
This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif
used within the page. If I block this URL the IE stops crashing with that
page.
cu
Paul
![http://www.galad.com/frame/e1x1.gif"](http://www.galad.com/frame/e1x1.gif"){kind=link}
Its a mail client issue; doesn't happen if you click on a link from Internet Explorer.No, I am very sure that this happens also, if you follow the link inside a web page only (without an involving mail client). So go to http://www.counterpane.com/crypto-gram.html , scroll down and click the link that says "Holger Hasselbach has translated several issues of Crypto-Gram into German [...]". The error occurs as described in my original posting.Your mail headers don't exactly give away your own mail client. What would it be?Microsoft Outlook 2002 SP2 on Windows XP Professional Yours, Marc Ruef -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK qtApctQA9L1W78qDsE4Puuvz =m0et -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: New Microsoft Internet Explorer mshtml.dll Denial of Service? Pellmann Paul (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)
- Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tim (Sep 02)
- Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tim (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? nonleft (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Steve Wray (Sep 02)
- Message not available
- Message not available
- Re: About Gif's Karl-Heinz Kreis (Sep 03)
- Message not available
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)