Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Update: Web browsers - a mini-farce (MSIE gives in)

From: MCMuir () dstoutput com
Date: Wed, 27 Oct 2004 11:09:55 -0700
6.0.2800.1106 on Win 2k Pro (5.00.2195 SP4) does not crash.

    -mike


<gabrield89 () hotmail com> wrote on 10/25/2004 08:00:44 AM:


In-Reply-To: <20041023001154.F23256 () dekadens coredump cx>






Last but not least, MSIE gives in:







  Only MSIE appears to be able to consistently handle [*] malformed



  input well, suggesting this is the only program that underwent



  rudimentary security QA testing with a similar fuzz utility.







To all those who considered my original post to be a great propaganda



ammunition for praising MSIE, bad news - although it did take a longer



while for it to give up - three hours - (impressive by comparison to



competitors), it eventually did:







 http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html







Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer



dereference, so merely a DoS condition, but still an evident flaw in



basic HTML parsing.








Testing on Windows 98 running IE 6.0.2800.1106. Nothing happens. IE 
does not crash. Can anyone else confirm this?
Previous By Date Next
Previous By Thread Next

Current thread: