[Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?

• Previous message: morning_wood: "Re: [Full-Disclosure] Tracking a virus by logging infected machines"
• Next in thread: morning_wood: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: morning_wood: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: Irwan Hadi: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: Steve Wray: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Thor Larholm: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: at4r ins4n3: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Tue, 2 Sep 2003 09:12:10 +0200

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List

I was looking for some sources that serve translations of Buce Schneiers well-known Crypto-Gram[1]. So I found on the official page the hint, that there are some outdated Issues in a german version available.

After clicking in the link that brings me to http://www.galad.com/extras/cg/cg.htm , my Internet Explorer 6.0.2800.1106 "encounters a problem and needs to close". After a bit of debugging I could determine that the problem must be existing in the library mshtml.dll.

I tried to do a small and dirty analysis of the problem. So I fetched the whole page that encounters the error, but I couldn't reproduce the program shutdown with the offline version. It doesn't matter if I keep the original linking and embedded pictures as a link to the original web source.

Then I deactivated the Internet Explorers possibility of showing pictures (Tools/Internet Options/Advanced/Show pictures). And now the error message doesn't come again. So it seems to me that one of the pictures produce the failure.

Again, I put all the graphics from the named page dedicated into the affected web browser (e.g. http://www.galad.com/frame/but0nr.gif ). But once more, I couldn't reproduce the error. Perhaps it is an interaction between HTML or JavaScript and a picture needed. It is very interesting, that other sub pages (e.g. http://www.galad.com/certify/mcse/mcse.htm ) or other browsers (e.g. Netscape Communicator 4.x, 6.x, and 7.x) are not affected.

Can somebody help me to figure out the real problem? Or is this an old issue I can't recognize?

Sincerely,

Marc Ruef

[1] http://www.counterpane.com/crypto-gram.html

- --
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19

maru@scip.ch
www.scip.ch - Publizierung aktuellster IT-Sicherheitsluecken -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP1RC+Re5hzJzqVMhEQKmDQCeM66Q8w/UqQBIi5FurZ7HpE6dMKYAmwdG
aNlONsKvfe2L9xezEjl2plJ3
=C9az
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: morning_wood: "Re: [Full-Disclosure] Tracking a virus by logging infected machines"
• Next in thread: morning_wood: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: morning_wood: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: Irwan Hadi: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Reply: Steve Wray: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Thor Larholm: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: Marc Ruef: "RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Maybe reply: at4r ins4n3: "Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]