Full Disclosure mailing list archives
RE: New Microsoft Internet Explorer mshtml.dll Denial of Service?
From: nonleft <nonleft () gmx net>
Date: Tue, 02 Sep 2003 20:14:52 +0200
could you figure out if it is a webbug than or just a transgif for layout? kind regards nonleft At 17:36 02.09.2003 +0100, Tiago Halm wrote:
Paul has a point here, I believe! After a **lot** of html code "trimming" I came with an offline version of the page like this: ------------------------------------------------------ 2bd125.jpg ------------------------------------------------------- and this piece of code does crash my browser (6.0.2800.1106) on windows 2000 server all patches and fixes up to date. NOTE: Every time you **want** the browser to crash, you must delete it from the "Temporary Internet Files" before loading it in your browser. Although this image (e1x1.gif) is 1x1 GIF, ACDSee Classic calls it a "Bad or unrecognized image header". Does this image, in some way, affects the way IE does the parsing? Seems like it... Regards, Tiago Halm -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Pellmann Paul Sent: terça-feira, 2 de Setembro de 2003 16:20 To: 'full-disclosure () lists netsys com' Subject: AW: [Full-disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service? This seems to be caused by the 1x1 image http://www.galad.com/frame/e1x1.gif used within the page. If I block this URL the IE stops crashing with that page. cu Paul > > Its a mail client issue; doesn't happen if you click on > > a link from Internet Explorer. > > No, I am very sure that this happens also, if you follow the > link inside > a web page only (without an involving mail client). > > So go to http://www.counterpane.com/crypto-gram.html , scroll down and > click the link that says "Holger Hasselbach has translated several > issues of Crypto-Gram into German [...]". The error occurs as > described in my original posting. > > > Your mail headers don't exactly give away your own mail client. > > What would it be? > > Microsoft Outlook 2002 SP2 on Windows XP Professional > > Yours, > > Marc Ruef > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0 > > iQA/AwUBP1Rw4Be5hzJzqVMhEQKFkACeOBaQowm8I6p0P2Fb12C4E2ndwgoAniRK > qtApctQA9L1W78qDsE4Puuvz > =m0et > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: New Microsoft Internet Explorer mshtml.dll Denial of Service? Pellmann Paul (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)
- Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tim (Sep 02)
- Re: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tim (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? nonleft (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Steve Wray (Sep 02)
- Message not available
- Message not available
- Re: About Gif's Karl-Heinz Kreis (Sep 03)
- Message not available
- RE: New Microsoft Internet Explorer mshtml.dll Denial of Service? Tiago Halm (Sep 02)