Full Disclosure mailing list archives
RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
From: "Tiago Halm" <thalm () netcabo pt>
Date: Tue, 2 Sep 2003 19:49:07 +0100
My feeling is that the following facts:
- rendering engine of IE, complemented with the "online" download of the image
- possible malformation of the image
lead to this outcome (browser crash). There must be some code inside mshtml.dll that "crashes" when parsing the image.

I get this "Application" event with source "Microsoft Internet Explorer", ID = 1000:
-------------
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1226, fault address 0x00180ede.
-------------

This is not a webbug. I think this is only a transgif for layout (as you put it). And IE should take the image as invalid and should not even try to display it.

Regards,
Tiago Halm

-----Original Message-----
From: nonleft [mailto:nonleft () gmx net]
Sent: terça-feira, 2 de Setembro de 2003 19:15
To: Tiago Halm; 'Pellmann Paul'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?

could you figure out if it is a webbug then or just a transgif for layout?

kind regards
nonleft

At 17:36 02.09.2003 +0100, Tiago Halm wrote:

Paul has a point here, I believe!

After a **lot** of html code "trimming" I came up with an offline version of the page like this:
------------------------------------------------------
2bd125.jpg
-------------------------------------------------------
and this piece of code does crash my browser (6.0.2800.1106) on Windows 2000 Server, all patches and fixes up to date.

NOTE: Every time you **want** the browser to crash, you must delete it from the "Temporary Internet Files" before loading it in your browser.

Although this image (e1x1.gif) is a 1x1 GIF, ACDSee Classic calls it a "Bad or unrecognized image header". Does this image, in some way, affect the way IE does the parsing? Seems like it...

Regards,
Tiago Halm

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Pellmann Paul
Sent: terça-feira, 2 de Setembro de 2003 16:20
To: 'full-disclosure () lists netsys com'
Subject: AW: [Full-disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?

This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif used within the page. If I block this URL the IE stops crashing with that page.

cu
Paul

It's a mail client issue; doesn't happen if you click on a link from Internet Explorer.

No, I am very sure that this happens also, if you follow the link inside a web page only (without an involving mail client). So go to http://www.counterpane.com/crypto-gram.html , scroll down and click the link that says "Holger Hasselbach has translated several issues of Crypto-Gram into German [...]". The error occurs as described in my original posting.

Your mail headers don't exactly give away your own mail client. What would it be?

Microsoft Outlook 2002 SP2 on Windows XP Professional

Yours,
Marc Ruef

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
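Added example, not part of the thread and not code from any poster: a strict structural check of a GIF byte stream of the kind the top message says a renderer should apply before trying to display an image. It walks the container with bounds-checked reads and decodes no pixels. The function names and the `GOOD` sample bytes are constructed for illustration; the contents of e1x1.gif are not shown in the thread and are not assumed here.

```python
import struct

def _take(buf, pos, n):  # bounds-checked read; lengths from the file are untrusted
    if pos + n > len(buf):
        raise ValueError(f"truncated: need {n} bytes at offset {pos}")
    return buf[pos:pos + n], pos + n

def _skip_sub_blocks(buf, pos):  # <size><data> repeated, ended by a zero size byte
    while (size := _take(buf, pos, 1)[0][0]):
        pos = _take(buf, pos + 1, size)[1]
    return pos + 1

def _skip_color_table(buf, pos, packed):  # bit 7: present; bits 0-2: N, 2^(N+1) RGB
    return _take(buf, pos, 3 * (2 << (packed & 7)))[1] if packed & 0x80 else pos

def validate_gif(buf):
    """Return (width, height, frames) or raise ValueError; decodes no pixels."""
    hdr, pos = _take(buf, 0, 13)
    sig, width, height, packed = struct.unpack("<6sHHB", hdr[:11])
    if sig not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad or unrecognized image header")
    pos, frames = _skip_color_table(buf, pos, packed), 0
    kind, pos = _take(buf, pos, 1)
    while kind != b";":                      # 0x3B trailer ends the stream
        if kind == b"!":                     # extension: label, then sub-blocks
            pos = _skip_sub_blocks(buf, pos + 1)
        elif kind == b",":                   # image descriptor
            desc, pos = _take(buf, pos, 9)
            left, top, w, h, ipacked = struct.unpack("<HHHHB", desc)
            if not (w and h and left + w <= width and top + h <= height):
                raise ValueError("frame does not fit the logical screen")
            pos = _skip_color_table(buf, pos, ipacked)
            lzw, pos = _take(buf, pos, 1)
            if not 2 <= lzw[0] <= 8:
                raise ValueError("invalid LZW minimum code size")
            pos = _skip_sub_blocks(buf, pos)
            frames += 1
        else:
            raise ValueError(f"unknown block type {kind!r}")
        kind, pos = _take(buf, pos, 1)
    return width, height, frames

def reject_reason(buf):  # None: hand to the renderer; str: why it is refused
    try:
        return None if validate_gif(buf)[2] else "no image data"
    except ValueError as exc:
        return str(exc)

GOOD = bytes.fromhex(  # constructed well-formed 1x1 GIF89a, not the thread's file
    "474946383961 01000100800000 000000ffffff 21f9040100000000 2c000000000100010000 0202440100 3b")
```

The checks are deliberately stricter than many decoders: a frame that extends past the logical screen or a stream with no trailer is refused rather than repaired.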