Full Disclosure mailing list archives

Re: Crash IE with 11 bytes ;)

From: "Willem Koenings" <isec () europe com>
Date: Sat, 24 Jul 2004 12:28:00 -0500

hi,

I thought you guys might want to know that it only takes 11 bytes to crash 
IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do 
is <style>;@/* ;) simple as that. More details@ 
http://www.ecqurity.com/adv/IEstyle.html


IE 5.01 SP2 seems to be immune. tested at least 10 times :)

willem.


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Crash IE with 11 bytes ;), (continued)
- - - Re: Crash IE with 11 bytes ;) Trevor Curtis (Jul 24)
    - Re: Crash IE with 11 bytes ;) Matt Houston (Jul 24)
    - RE: Crash IE with 11 bytes ;) Arjun Pednekar (Jul 26)
    - RE: Crash IE with 11 bytes ;) Stephen Taylor (Jul 27)
- Re: Crash IE with 11 bytes ;) The Central Scroutinizer (Jul 24)
- RE: Crash IE with 11 bytes ;) Stephen Taylor (Jul 25)
- Re: Crash IE with 11 bytes ;) Berend-Jan Wever (Jul 28)
  - Re: Crash IE with 11 bytes ;) The Central Scroutinizer (Jul 28)
- RE: Crash IE with 11 bytes ;) Schmidt, Michael R. (Jul 23)
  - Message not available
    - RE: Crash IE with 11 bytes ;) Phuong Nguyen (Jul 23)
- Re: Crash IE with 11 bytes ;) Willem Koenings (Jul 24)
- Re: Crash IE with 11 bytes ;) Aaron Gray (Jul 29)