infoSource
The Latest in computer Security, Standards and Telecommunications Information
And now ... IE4 demonstrates buffer overflows in HTML Content tags
vol 1. issue 3 number 1 - July 30, 1998
 infoSource page
 
As suspected (infoSource vol1. issue 2. number 2) the swamp is getting deeper.  The following defines an exploit against Microsofts IE4 Browser, which can not be used to execute abitray code (read delete files on your hard drive) but can cause a DoS (Denial of Service) by crashing your IE (read system) when using Windows OSs.  NT and 90 x are all probably suspect.

Next time - What's a buffer overflow and how does it it work.

Enjoy,

- The InfoBro

Information Brokers, Inc. - the future is now...Information

The infoSource newsletter is focused primarily on internetwork security issues.  To unsubscribe send a message to: infosource-request@infobro.com with the body text LEAVE (make sure you use the address you subscribed with or include the address you think you subscribed with in the message body).  To subscribe send a message to: infosource-request@infobro.com with the body text JOIN.  The infoSource Newsletter will soon be available via fax service.  Please give us your feedback. 

From:  Georgi Guninski
Sent:  Tuesday, July 28, 1998 1:10 PM
To:  BUGTRAQ@NETSPACE.ORG
Subject:  Object tag crashes Internet Explorer 4.0

The <OBJECT> tag seems to crash Internet Explorer 4.0 under Win95 (don't
know about other versions/OS).
The following:
<OBJECT CLASSID=____More than 250 characters here____></OBJECT>
opens a dialog box "IEXPLORE: ...illegal operation" and closes IE 4.0,
or a blue screen with "Fatal exception 0E" and you need to reboot.
I don't think this is exploitable(?), but it is a bad "feature".

Georgi Guninski
guninski@hotmail.com
http://www.geocities.com/ResearchTriangle/1711

-------------------------------------Cut here: Object.html -------
<HTML>
Trying to crash IE 4.0
<OBJECT CLASSID=111...lots of these...1111>
</OBJECT>
</HTML>

______________________________________________________

--

Information Brokers, Inc.
http://infobro.com/infoSource/
infoSource-request@infobro.com?body=join
Need more Info? info@infobro.com