RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?

["Steve Wray" <steve.wray () paradise net nz>]

Its a mail client issue; doesn't happen if you click on
a link from Internet Explorer.

Interestingly enough, the people who have responded with
positives so far appear to be Outlook or Outlook express 
users.

Your mail headers don't exactly give away your own mail client. 
What would it be?


> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Marc Ruef
> Sent: Tuesday, 2 September 2003 7:12 p.m.
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] New Microsoft Internet Explorer 
> mshtml.dll Denial of Service?
>
>
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear List
>
> I was looking for some sources that serve translations of 
> Buce Schneiers well-known Crypto-Gram[1]. So I found on the 
> official page the hint, that there are some outdated Issues 
> in a german version available.
>
> After clicking in the link that brings me to 
> http://www.galad.com/extras/cg/cg.htm , my Internet Explorer 
> 6.0.2800.1106 "encounters a problem and needs to close". 
> After a bit of debugging I could determine that the problem 
> must be existing in the library mshtml.dll.
>
> I tried to do a small and dirty analysis of the problem. So I 
> fetched the whole page that encounters the error, but I 
> couldn't reproduce the program shutdown with the offline 
> version. It doesn't matter if I keep the original linking and 
> embedded pictures as a link to the original web source.
>
> Then I deactivated the Internet Explorers possibility of 
> showing pictures (Tools/Internet Options/Advanced/Show 
> pictures). And now the error message doesn't come again. So 
> it seems to me that one of the pictures produce the failure.
>
> Again, I put all the graphics from the named page dedicated 
> into the affected web browser (e.g. 
> http://www.galad.com/frame/but0nr.gif ). But > once more, I 
> couldn't reproduce the error. Perhaps it is an interaction 
> between HTML or JavaScript and a picture needed. It is very 
> interesting, that other sub pages (e.g. 
> http://www.galad.com/certify/mcse/mcse.htm ) > or other 
> browsers (e.g. Netscape Communicator 4.x, 6.x, and 7.x) are 
> not affected.
>
> Can somebody help me to figure out the real problem? Or is 
> this an old issue I can't recognize?
>
> Sincerely,
>
> Marc Ruef
>
> [1] http://www.counterpane.com/crypto-gram.html
>
> - -- 
> ) scip AG (
> Technoparkstr. 1
> 8005 Zürich
> T +41 1 445 18 18 
> F +41 1 445 18 19
>
> maru () scip ch
> www.scip.ch - Publizierung aktuellster IT-Sicherheitsluecken -
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBP1RC+Re5hzJzqVMhEQKmDQCeM66Q8w/UqQBIi5FurZ7HpE6dMKYAmwdG
> aNlONsKvfe2L9xezEjl2plJ3
> =C9az
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html