Bugtraq mailing list archives

Re: MSIE 5 favicon bug


From: listuser () SEIFRIED ORG (Kurt Seifried)
Date: Mon, 3 May 1999 22:29:10 -0600


> Hi folks.
>
> When MSIE 5 users bookmark a page, the browser will request a file
> named "favicon.ico" which is to be used in the "Favorites" menu of the
> browser. Unfortunately MSIE 5 doesn't check the file integrity and
> crashes if faced with a badly formed icon file.
>
> Upon crashing the stack gets filled with information from the icon
> file itself, so it may be possible to run code on the client machine,
> though I didn't test it.

Doesn't work for me. NT Server 4.0, SP4, MSIE 5.0 (5.00.2314.1003). Tried
repeatedly.

> Microsoft was notified twice about this issue via the "Report a Bug"
> form on their web site. The first time about one month ago, the second
> time about two weeks ago. I didn't receive back any reply.

Tried it from a couple of Win95 (OSR/2, no patches) machines with MSIE 5.0,
no crash either... if anyone can replicate this I'd be curious to know. How
have you gone about testing this? Which platform(s)? Win98 only?

> More information about this bug (plus another privacy issue about the
> "favicon.ico" file) is available at
> http://web.cip.com.br/flaviovs/sec/favicon/index.html.
>
> --
> Flavio

-Kurt Seifried, MCP+I, MCSE
https://www.seifried.org/kurt/
Linux Administrators Security Guide
https://www.seifried.org/lasg/
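
An added example, not part of either message and not Microsoft's code: the kind of structural check a client can run on a fetched favicon.ico before handing it to an icon decoder. It assumes the standard ICO layout (6-byte ICONDIR, 16-byte ICONDIRENTRY records); `ico_check` and the sample buffers are hypothetical and constructed here, and the thread does not say which malformation was involved.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ico_status { ICO_OK = 0, ICO_TRUNCATED, ICO_BAD_HEADER, ICO_BAD_ENTRY };

/* Little-endian readers; callers guarantee the bytes are in bounds. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the ICONDIR header and every ICONDIRENTRY against the real
 * buffer length. Only the directory is checked, not the image payloads. */
enum ico_status ico_check(const uint8_t *buf, size_t len)
{
    if (len < 6) return ICO_TRUNCATED;              /* ICONDIR is 6 bytes */
    if (rd16(buf) != 0 || rd16(buf + 2) != 1) return ICO_BAD_HEADER;
    uint16_t count = rd16(buf + 4);
    if (count == 0) return ICO_BAD_HEADER;
    size_t dir_end = 6 + (size_t)count * 16;        /* 16 bytes per entry */
    if (dir_end > len) return ICO_TRUNCATED;
    for (uint16_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 6 + (size_t)i * 16;
        uint32_t size = rd32(e + 8);                /* bytes of image data */
        uint32_t off  = rd32(e + 12);               /* offset from file start */
        if (size == 0 || off < dir_end) return ICO_BAD_ENTRY;
        /* Written so that off + size cannot wrap around. */
        if (off > len || size > len - off) return ICO_BAD_ENTRY;
    }
    return ICO_OK;
}

/* Constructed samples: one 1x1 entry with 4 payload bytes at offset 22. */
static const uint8_t sample_ok[26] = { 0,0, 1,0, 1,0,
    1,1,0,0, 1,0, 32,0, 4,0,0,0, 22,0,0,0, 0xAA,0xBB,0xCC,0xDD };
/* Same file, but the entry claims 4096 bytes of image data. */
static const uint8_t sample_bad[26] = { 0,0, 1,0, 1,0,
    1,1,0,0, 1,0, 32,0, 0,0x10,0,0, 22,0,0,0, 0xAA,0xBB,0xCC,0xDD };

int main(void)
{
    printf("ok=%d bad=%d\n", ico_check(sample_ok, sizeof sample_ok),
           ico_check(sample_bad, sizeof sample_bad));
    return 0;
}
```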


