Ie6 password input problem

["Philip Wagenaar" <PB.Wagenaar () Chello NL>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

This is about IE6 (othersIE versions?) crashing after loading an html
page with a password input field with a value=" " option containing
1,000,000 X's (value option means that it will put that in the field
when you load the page). I have tested this myself with a simple html
file containing maxlength

<INPUT Name="PasswordProvided" Value="xxxxx... Size="1000000"
MAXLENGTH="1000000">                                            <INPUT Name="PasswordProvided_required"
Type="HIDDEN" Value="You must provide a password.">
Note that I forgot to end the value with ", so size= should be seen
as part of the value in IE6, and the rest should create an
error/warning when loading the page.

I've received several reports of the page loading ok in windows 98,
but that it crashes and consumes 100% cpu in windows2000/winxp (the
page never crashed in win98 but always in win2k/winxp).

I`m not sure what to do with this information. I`m just a computer
science student with a interest in security. Can anyone tell what to
do to test this further? And I would appreciate it if other would try
loading a similar page and mail the result.

Philip Wagenaar


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO/h8ss4JcipDIO8UEQLRaACgvd9eJxclRShJxxp1NiP3r5EWzuoAn0RU
Xw/lLXr087tYGrOvwR84MBHL
=ohSj
-----END PGP SIGNATURE-----