[Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 08/12/04

Next message: Jason Bethune: "[Full-Disclosure] Weird"

Previous message: idlabs-advisories_at_idefense.com: "[Full-Disclosure] iDEFENSE Security Advisory 08.12.04b: Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability"
Next in thread: bipin gautam: "Re: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Reply: bipin gautam: "Re: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Maybe reply: David Farinic: "RE: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@netsys.com
Date: Thu, 12 Aug 2004 18:43:47 +0400

This issue was originaly reported in January, 2000

http://www.security.nnov.ru/2000/january/#IEIMAGE

And was reported to Microsoft. Microsoft didn't accepted this bug as
security related but promised to "file a bug report with IE team".

http://www.security.nnov.ru/2000/january/ie5img2.html

Message to Bugtraq was moderated by Aleph One as unimportant, so
publicly information was published one year later on vuln-dev.

http://cert.uni-stuttgart.de/archive/vuln-dev/2001/06/msg00094.html

and published as advisory

http://www.security.nnov.ru/advisories/ie5freeze.asp?l=RU

Nobody reacted.

Amount of buzz about it now makes me think Internet Explorer security is
now really better than it was 4 years ago :)

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Jason Bethune: "[Full-Disclosure] Weird"

Previous message: idlabs-advisories_at_idefense.com: "[Full-Disclosure] iDEFENSE Security Advisory 08.12.04b: Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability"
Next in thread: bipin gautam: "Re: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Reply: bipin gautam: "Re: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Maybe reply: David Farinic: "RE: [Full-Disclosure] Large picture wudth DoS on MS Internet Explorer/Outlook Express"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: LoadPicture VB function in Office:mac 2004
... this is a known bug. ... Please take a moment to visit this URL and send a report ... MVPs are not Microsoft Employees ... > properties page to manually set the picture property of the image1 object ...
(microsoft.public.mac.office.excel)
Re: Is there someplace to report grammar checker errors?
... We would all like every Microsoft product to be perfect (and I think you ... There are ways to report bugs, and all reported bugs are considered. ... bug and the number of users it affects. ... grammar checker makes an incorrect suggestion if it means taking time away ...
(microsoft.public.word.newusers)
Re: Help us please
... If you cannot access the MS bug report sites, ... > I am trying to report VFP bugs for Microsoft to correct it in VFP9 because now we ... > good company as Microsoft. ...
(microsoft.public.fox.programmer.exchange)
Re: A bug in MS Access
... Allen Browne - Microsoft MVP. ... > before and I couldn't find a forum to report this bug. ... To vote for this suggestion, ...
(microsoft.public.access.modulesdaovba)
Re: A bug in MS Access
... In the delete query condtion, ... thought this is a bug and searched for the stage to report this.Atlast, ... >>> Microsoft as I was not knowing whom to report. ...
(microsoft.public.access.modulesdaovba)