Re: Object tag crashes Internet Explorer 4.0

[brian () HYPERREAL ORG (Brian Behlendorf)]

in message 19980728171036.5485.qmail () hotmail com, Georgi Guninski
<guninski () HOTMAIL COM> told us about an Object Tag problem in MSIE 4.0.  He
described it:

> The <OBJECT> tag seems to crash Internet Explorer 4.0 under Win95 (don't
> know about other versions/OS).
> The following:
> <OBJECT CLASSID=____More than 250 characters here____></OBJECT>
> opens a dialog box "IEXPLORE: ...illegal operation" and closes IE 4.0,
> or a blue screen with "Fatal exception 0E" and you need to reboot.
> I don't think this is exploitable(?), but it is a bad "feature".

This is good to know - the only problem is that as an attachment, Georgi also
appended an actual example of such an OBJECT tag:

> -------------------------------------Cut here: Object.html -------
> <HTML>
> Trying to crash IE 4.0
> <OBJECT CLASSID=111...111111111>
> </OBJECT>
> </HTML>

The '...' above being replaced with enough other 1's to do the deed.

Of course, in doing so, my Win95/Eudora 4 Pro (which is configured to use MSIE
4.0 as its 'HTML browser') crashed before I could read his message.  Crashed
the whole OS, actually, losing about 3 hours' worth of work.

Now, you could say I have no right to complain, it's my own fault for running
ripshod software on a crappy OS, and I wouldn't argue.

But I would still like to ask that posters to BugTraq, and other forums,
refrain from posting actual, "lethal" examples of the mailer bugs they are
talking about.  At this time I'm unaware of any patch for this particular
problem, other than "use WordPad to read your mail" or "get a real OS".

Thanks.

       Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Common sense is the collection of prejudices  |     brian () apache org
acquired by the age of eighteen." - Einstein   |  brian () hyperreal org