Vulnerability Development mailing list archives

IE and favicon.ico


From: Steve Micallef <stevenm () ot com au>
Date: Mon, 12 Nov 2001 11:31:32 +1100 (EST)

Hi all,

Some of you may recall there was a bug in IE's handling of the favicon.ico
file a while back (http://web.cip.com.br/flaviovs/sec/favicon/) which
resulted in an IE crash.

Although this seems to have been fixed (at least on the IE's I've tested),
IE still doesn't check the size of the file before fetching it.

I created a 50mb favicon.ico file, and IE downloaded the whole thing when
I added the site as a favourite.

Probably not exploitable, but nasty anyhow, especially if it was linked
to /dev/urandom or something.

Regards,

Steve Micallef
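
The missing check described in the message above, sketched from the client side as an added example that is not part of the original post and is not IE's code: a reader that refuses an icon whose declared size is over a cap and also counts streamed bytes, so an endless body is cut off. The names `read_icon`, `IconTooLarge`, `EndlessStream` and the 64 KB cap are assumptions made for illustration.

```python
import io

MAX_ICON_BYTES = 64 * 1024  # assumed cap; not a value from the post


class IconTooLarge(Exception):
    """Raised when an icon response exceeds the configured cap."""


def read_icon(body, content_length=None, limit=MAX_ICON_BYTES, chunk=4096):
    """Read an icon body from a file-like object, buffering at most limit+1 bytes.

    content_length is the server-declared size (None when the header is
    absent). It is only a hint: the streamed bytes are counted as well,
    because the header can be missing or wrong.
    """
    if content_length is not None and content_length > limit:
        raise IconTooLarge(f"declared {content_length} bytes, limit {limit}")
    buf = bytearray()
    while True:
        # Request at most one byte past the cap, so an oversize body is
        # detected without pulling any more of it off the wire.
        data = body.read(min(chunk, limit + 1 - len(buf)))
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > limit:
            raise IconTooLarge(f"body exceeded {limit} bytes")


class EndlessStream:
    """Constructed stand-in for a body that never ends (the /dev/urandom case)."""

    def __init__(self):
        self.served = 0  # total bytes handed to the reader

    def read(self, n):
        self.served += n
        return b"\x00" * n


if __name__ == "__main__":
    stream = EndlessStream()
    try:
        read_icon(stream)
    except IconTooLarge as exc:
        print(f"rejected after {stream.served} bytes: {exc}")
```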

