Vulnerability Development mailing list archives
Re: Stack Overflow in IE 5 (NT 4.0)
From: "Sherrod, Andrew" <andrew.sherrod () TFN COM>
Date: Mon, 21 Aug 2000 09:07:41 -0400
That may explain the difference. I have seen some posts in various places suggesting some bugs are limited to the US-English versions of IE. Though why bad programming seems more prevalent in the domestic version is a complete mystery.

AGS

-----Original Message-----
From: herakel () UNIV HAIFA AC IL [mailto:herakel () UNIV HAIFA AC IL]
Sent: Sunday, August 20, 2000 3:22 AM
To: andrew.sherrod () tfn com
Cc: VULN-DEV () SECURITYFOCUS COM
Subject: RE: Stack Overflow in IE 5 (NT 4.0)

It is IE 5.00.2919.6307
My NT is Hebrew enabled. Version 4.0 Build 1381 SP 5

-----Original Message-----
From: Sherrod, Andrew [mailto:andrew.sherrod () tfn com]
Sent: Wednesday, August 16, 2000 4:28 PM
To: 'herakel () UNIV HAIFA AC IL';
Subject: RE: Stack Overflow in IE 5 (NT 4.0)

Which specific IE version? My tests failed on IE 5.00.2014.0216 NT 4.0 Build 1381 SP 5

Also, I have to change the first report:
From one to two blank buttons appear on the task bar. Two is more common, but I have since seen a single button as well.

AGS

-----Original Message-----
From: Herakel Endrawes [mailto:herakel () UNIV HAIFA AC IL]
Sent: Wednesday, August 16, 2000 3:56 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Stack Overflow in IE 5 (NT 4.0)

IE 5 on NT 4. SP5 works fine. Does not open any blank buttons. A new URL opens fine also.

-----Original Message-----
From: Sherrod, Andrew [mailto:andrew.sherrod () TFN COM]
Sent: Tuesday, August 15, 2000 6:00 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Stack Overflow in IE 5 (NT 4.0)

I am uncertain if this is exploitable, but it seems a possibility:

Create a web page as follows:

    <HTML>
    <HEAD>
    <TITLE> INFINITE FRAMES </TITLE>
    <FRAMESET rows=80,20>
    <FRAME src="b.html">
    <FRAME src="http://www.yahoo.com">
    </FRAMESET>
    </HTML>

Save as "a.html". Repeat, changing b to c and saving page as "b.html". Continue through "q.html", which refers not to "r.html", but back to "a.html":

(Text of q.html):

    <HTML>
    <HEAD>
    <TITLE> INFINITE FRAMES </TITLE>
    <FRAMESET cols=80,20>
    <FRAME src="a.html">
    <FRAME src="http://www.yahoo.com">
    </FRAMESET>
    </HTML>

(Some cursory tests suggest 17 frames as the minimum to produce the overflow.)

This page will have no effect on Netscape, which loads frames up through q.html, leaving an empty frame where a.html should be. IE 5 does the same, but also creates two blank buttons on the task bar and sometimes briefly creates a floating white square in the upper left corner of the screen. It does not crash immediately, but when a new URL is entered a stack overflow occurs.

I haven't had time to fully examine this, or see if there is a means to exploit the overflow.

AGS
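The result reported for Netscape above (frames load through q.html and the frame for a.html stays empty) is what a frame loader produces when it refuses any URL already present in the frame's ancestor chain. The following added example, which is not code from the thread or from either browser, models that guard plus a depth cap; `buildPages`, `frameSources`, `loadFrames` and the in-memory page set are constructed for illustration.

```javascript
// Constructed in-memory copy of the 17 test pages (a.html .. q.html) from the report.
function buildPages() {
  const names = "abcdefghijklmnopq".split("").map((c) => c + ".html");
  const pages = {};
  names.forEach((name, i) => {
    const next = names[(i + 1) % names.length]; // q.html points back to a.html
    const attr = i === names.length - 1 ? "cols" : "rows";
    pages[name] =
      `<HTML> <HEAD> <TITLE> INFINITE FRAMES </TITLE> <FRAMESET ${attr}=80,20> ` +
      `<FRAME src="${next}"> <FRAME src="http://www.yahoo.com"> </FRAMESET> </HTML>`;
  });
  return pages;
}

// Extract the src attribute of every FRAME tag in a page's markup.
function frameSources(html) {
  const out = [];
  const re = /<frame\b[^>]*\bsrc\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Hypothetical loader: walks nested frames, refusing any URL that is already
// an ancestor of the frame being filled, and capping nesting depth as a backstop.
function loadFrames(pages, start, maxDepth = 32) {
  const result = { loaded: [], blocked: [] };
  function visit(url, ancestors) {
    if (ancestors.includes(url)) {
      result.blocked.push({ url, reason: "ancestor" }); // frame is left empty
      return;
    }
    if (ancestors.length >= maxDepth) {
      result.blocked.push({ url, reason: "depth" });
      return;
    }
    result.loaded.push(url);
    const html = pages[url];
    if (html === undefined) return; // external page: treated as a leaf here
    for (const src of frameSources(html)) visit(src, ancestors.concat(url));
  }
  visit(start, []);
  return result;
}
```
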