Re: Object tag crashes Internet Explorer 4.0

[brett () LARIAT ORG (Brett Glass)]

John Hardin's HTML trap for procmail (I've been helping him expand it
to close the Outlook/Netscape long file name hole) defangs OBJECT tags
too. See the "Notes" section on the bottom of the page at

http://www.wolfenet.com/~jhardin/procmail-kit.html

John deserves a lot of credit. His package lays the groundwork for a whole
BUNCH of protective "safety nets" that can prevent e-mail exploits. (I was
planning to implement something like it to protect my users, but it would
have taken me WEEKS if I'd started from scratch. A fix based on his work
took less than a day to create.)

Everyone on this list who has some understanding of procmail and regular
expressions should review the filters at the above URL and suggest
improvements.

--Brett


At 05:06 PM 7/29/98 -0700, Brian Behlendorf wrote:

> in message 19980728171036.5485.qmail () hotmail com, Georgi Guninski
> <guninski () HOTMAIL COM> told us about an Object Tag problem in MSIE 4.0.  He
> described it:
>
> > The <OBJECT> tag seems to crash Internet Explorer 4.0 under Win95 (don't
> > know about other versions/OS).
> > The following:
> > <OBJECT CLASSID=____More than 250 characters here____></OBJECT>
> > opens a dialog box "IEXPLORE: ...illegal operation" and closes IE 4.0,
> > or a blue screen with "Fatal exception 0E" and you need to reboot.
> > I don't think this is exploitable(?), but it is a bad "feature".
>
> This is good to know - the only problem is that as an attachment, Georgi also
> appended an actual example of such an OBJECT tag:
>
> > -------------------------------------Cut here: Object.html -------
> > <HTML>
> > Trying to crash IE 4.0
> > <OBJECT CLASSID=111...111111111>
> > </OBJECT>
> > </HTML>
>
> The '...' above being replaced with enough other 1's to do the deed.
>
> Of course, in doing so, my Win95/Eudora 4 Pro (which is configured to use
MSIE
> 4.0 as its 'HTML browser') crashed before I could read his message.  Crashed
> the whole OS, actually, losing about 3 hours' worth of work.
>
> Now, you could say I have no right to complain, it's my own fault for running
> ripshod software on a crappy OS, and I wouldn't argue.
>
> But I would still like to ask that posters to BugTraq, and other forums,
> refrain from posting actual, "lethal" examples of the mailer bugs they are
> talking about.  At this time I'm unaware of any patch for this particular
> problem, other than "use WordPad to read your mail" or "get a real OS".
>
> Thanks.
>
>       Brian
>
>
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Common sense is the collection of prejudices  |     brian () apache org
> acquired by the age of eighteen." - Einstein   |  brian () hyperreal org