RE: [Full-Disclosure] Internet Explorer 6 DoS Bug

From: Justin Shin (zorkshin_at_tampabay.rr.com)
Date: 07/08/03

  • Next message: hoho: "Re: [Full-Disclosure] Internet Explorer 6 DoS Bug"
    To: "Richard M. Smith" <rms@computerbytesman.com>
    Date: Mon, 7 Jul 2003 20:24:39 -0400
    
    

    well try it and see, dude.

    i get a crash on win xp w/ all the works but it only affects a single browser window.

    -- Justin Shin

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Richard M.
    Smith
    Sent: Monday, July 07, 2003 7:40 PM
    To: 'Dan Williams'; full-disclosure@lists.netsys.com
    Subject: RE: [Full-Disclosure] Internet Explorer 6 DoS Bug

    Does an HTML IMG tag like <img src=c:\aux> also cause a crash? This
    kind of tag can be embedded in an HTML email message. If the bug shows
    up also in an IMG tag, then an Email reader like Outlook or Outlook
    Express can be DoSed. Ditto for Hotmail and Yahoo mail.

    Richard

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Dan
    Williams
    Sent: Monday, July 07, 2003 4:50 PM
    To: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] Internet Explorer 6 DoS Bug

    I am running US version of XP corporate with the latest service packs
    and
    updates with IE 6.0.2800 and the c:\aux crashes that specific browser
    window along with clicking a click to href=c:\aux

    ....

    --Dan

    > pez dude wrote:
    > > Tested and confirmed on Inter Explorer Version:
    > > 6.0.2600..0000.xpclient.010817-1148
    > >
    > > Window locks and can be closed with Ctrl +Alt+ Delete or by clicking
    the
    > > x in the top right corner ... followed by an "end now" or "cancel"
    > > prompt.
    >
    > So far the couple of people who CAN reproduce it are coming from a .dk
    and
    > .de domain. I use the US English version of XP. If anyone else
    chimes in
    > on whether they can reproduce or not, could you please report what
    language
    > version of XP and/or IE you use?
    >
    > Has anyone tried it from a link in a page, or a refresh or anything?
    >
    > BB
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: hoho: "Re: [Full-Disclosure] Internet Explorer 6 DoS Bug"