Re: Unknown IE bug with css-styles

From: Paolo Mattiangeli (security_at_centrodiascolto.it)
Date: 05/18/04

Next message: Josh Tolley: "Re: Buffer Overflow in ActivePerl ?"

Previous message: noderat_at_hotmail.com: "Re: Buffer Overflow in ActivePerl ?"
In reply to: henkie_is_leet_at_hotmail.com: "Unknown IE bug with css-styles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bugtraq@securityfocus.com>
Date: Tue, 18 May 2004 21:07:16 +0200

Yep, IE crashes badly. But I can't understand what your code is for. The
<link> tag should appear in the <head> section of your document, and you'll
have a hard time displaying a table without a <tr>...</tr> . Cheers!
Paolo

----- Original Message -----
From: <henkie_is_leet@hotmail.com>
To: <bugtraq@securityfocus.com>
Sent: Tuesday, May 18, 2004 7:11 PM
Subject: Unknown IE bug with css-styles

>
>
> Heya ppl!,
>
> I was coding around a bit..
> When I was testing the html code with internet explorer, the damn thing
started to crash! (Including all other IE's that where open at the same
time)
>
> I've tested it several times (on different machines) and all had the same
problem.
>
> it has something to do with the loading of the css styles from a file in a
<table>
>
> it doesn't seem to be exploitable..
>
> ---------------------------------------------------------
> Access violation in module mshtml.dll occurs at address:
> 6364E832 8B01 MOV EAX,DWORD PTR DS:[ECX]
> EAX = 0;
> ---------------------------------------------------------
>
> [Tested on]:
> - Microsoft Windows XP "Home edition" including Service pack 1
> - Microsoft Internet Explorer 6.0.2800.1106.xpsp2.030422-1633
> Updates: Q822925, Q330994, Q824145, Q837009, Q832894
>
> [Sample exploit:]
> - http://www.zeepost.nl/~henkie/index.html
>
> ---------------------------------------------------------
> Greetings go out to tozzke (sorry m8;))
> henkie_is_leet@hotmail.com
>

Next message: Josh Tolley: "Re: Buffer Overflow in ActivePerl ?"

Previous message: noderat_at_hotmail.com: "Re: Buffer Overflow in ActivePerl ?"
In reply to: henkie_is_leet_at_hotmail.com: "Unknown IE bug with css-styles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Publisher 2003 Produced website crashes IE6
... I took a blank template page from publisher, saved the html, and imported the ... Line 170: In Internet Explorer 5.0 the attribute V:SHAPES is not permitted ... for the tag. ...
(microsoft.public.publisher.webdesign)
Re: More than a single script block within a single HEAD and BODY
... Can there be more than a single script block in a given HEAD tag? ... The W3C HTML validator lets you paste markup directly into the validation form. ...
(comp.lang.javascript)
Re: page only opens in CODE view.
... > 1 unformatted word and the html code is as perfect as one can get. ... >> FP will attempt to correct your code tag pairs and code formatting ... >> To find the best Newsgroup for FrontPage support see: ... I do I fix it? ...
(microsoft.public.frontpage.client)
Re:
... always had that in .NET and the server never had any trouble adding tags ... In framework 1 it didn't add anything to the head. ... need to be able to access the head tag as a server object? ... it would have to locate the LiteralControl ...
(microsoft.public.dotnet.framework.aspnet)
Re: page only opens in CODE view.
... Thanks to both Tom and Stefan for their advice. ... unformatted word and the html code is as perfect as one can get. ... > FP will attempt to correct your code tag pairs and code formatting ... > To find the best Newsgroup for FrontPage support see: ...
(microsoft.public.frontpage.client)