Vulnerability Development mailing list archives

RE: IE without Images

From: "Ryan Goetzinger" <rgoetzinger () 1stcomp com>
Date: Thu, 11 Jul 2002 15:22:03 -0500

When you remove the <?xml version="1.0" encoding="UTF-8"?> tag from the
image, it loads properly.  Actually, you can remove everything in the file
past the XML declaration there, and it still causes IE to process
indefinitely.  It seems to me that IE is reading it as a .jpg, but then sees
the XML tag, and assumes it's an XML file, then gets all sorts of confused.
As to why it never seems to close the file, im not too sure there.  It's
most likely just another IE bug.  Could this possibly lead to running XML
from image files?

Attached is error.txt, it is just a cut down version of error.jpg, with just
the headers, and it still processes indefinitely on my IE.  In actuality, it
seems that "ÿØÿà" (that might not print right on some machines, without
quotes) followed by an XML header is all that it needs.

(IE 5.50.4134.0600 SP2)
(Win2k SP2, semi-current on patches)
Opera 6.01 on my machine is unaffected.

Funniest thing happend after this, i saved the image to disk, and opened it
in IE from there.  Renamed it to a .tiff because the image has bell.tiff
inside.  Lo and behold, it becomes undeletable from explorer.  Same thing
goes for ".tif". Why Tif and Tiff, i dont know, other image extensions and
garbage extensions delete fine... It seems that Explorer tries to preview
the image, and because IE is integrated into Win2k, IE hangs trying to load
the image, and keeps it open for a very long time.

How exactly was this image made?  It has Photoshop 7 in the file, with a
date of 2002:07:10, which tells me it was made pretty recently.  Yet when i
attempt to make similar images in Photoshop, none of them contain that XML
header.



-Ryan Goetzinger
PGP: DD42 133A 2EAE B584 AC8A  F6EC EEE1 076B EF78 F669

    -----Original Message-----
    From: Andreas Vogler [mailto:lore () animexx de]
    Sent: Thursday, July 11, 2002 4:52 AM
    To: vuln-dev () securityfocus com
    Subject: IE without Images




    There is an jpg Picture which is 22k of size, when it is loaded
    via an IMG  html tag, IE gets messed up, and will not show any
    other pictures , until  you restart your IE. Mayby someone can
    tell whats the reason Here's the Example:
    http://animexx.4players.de/iebug/  See you

Attachment: error.txt
Description:

Current thread:

IE without Images Andreas Vogler (Jul 11)
- Re: IE without Images quentyn (Jul 11)
- Re: IE without Images Markus Fischer (Jul 11)
  - Message not available
    - Re: IE without Images Markus Fischer (Jul 12)
  - Re: IE without Images Nexus (Jul 12)
    - Re: IE without Images De Velopment (Jul 13)
- Re: IE without Images Nighttwix (Jul 12)
- RE: IE without Images Ryan Goetzinger (Jul 12)
- <Possible follow-ups>
- RE: IE without Images Carey, Steve T ISD (Jul 11)
- Re: IE without Images winx () btconnect com (Jul 12)