Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-29 Thread Aaron Gray
Here's a detailed description of what's going wrong with [STYLE]@;/* The problem is the unterminated comment "/*"; IE computes the length of the comment for a memcpy opperation by substracting the end pointer form the start pointer. The comment starts behind "/*" and should end at "*/",

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-28 Thread Berend-Jan Wever
no detailed investigation. Cheers, SkyLined - Original Message - From: Phuong Nguyen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 23, 2004 19:17 Subject: [Full-Disclosure] Crash IE with 11 bytes ;) Hey, I thought you guys might want to know that it only takes 11 bytes

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-28 Thread The Central Scroutinizer
Here's a detailed description of what's going wrong with [STYLE]@;/* The problem is the unterminated comment /*; IE computes the length of the comment for a memcpy opperation by substracting the end pointer form the start pointer. The comment starts behind /* and should end at */, but since

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-27 Thread Stephen Taylor
Sent: Monday, July 26, 2004 7:44 AM To: [EMAIL PROTECTED]; 'Phuong Nguyen'; 'Marcel Krause' Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Crash IE with 11 bytes ;) Yeah about:input%20type%20crash did crash IE, on my win 2K system. Even the following works in IE (not in Mozilla/5.0

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-26 Thread Arjun Pednekar
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Taylor Sent: Saturday, July 24, 2004 1:20 AM To: 'Phuong Nguyen'; 'Marcel Krause' Cc: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Crash IE with 11 bytes ;) I don't understand the effect it has on Mozilla. It certainly

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-25 Thread Stephen Taylor
Yeah I saw this on July 5 on SecuriTeam. Your stuff, isn't it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phuong Nguyen Sent: Friday, July 23, 2004 1:18 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Crash IE with 11 bytes ;) Hey, I thought you

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-25 Thread Stephen Taylor
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phuong Nguyen Sent: Friday, July 23, 2004 1:49 PM To: Marcel Krause Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;) Oh, I actually didn't know about that! Coolio ;) !! Phuong At 12:47 AM 7/24/2004, Marcel Krause

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-24 Thread Trevor Curtis
: Friday, July 23, 2004 1:49 PM To: Marcel Krause Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;) Oh, I actually didn't know about that! Coolio ;) !! Phuong At 12:47 AM 7/24/2004, Marcel Krause wrote: Hi! There is a similar Bug using about:input

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-24 Thread Willem Koenings
hi, I thought you guys might want to know that it only takes 11 bytes to crash IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do is style;@/* ;) simple as that. More details@ http://www.ecqurity.com/adv/IEstyle.html IE 5.01 SP2 seems to be immune. tested at least

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-24 Thread Matt Houston
user at work. ST -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phuong Nguyen Sent: Friday, July 23, 2004 1:49 PM To: Marcel Krause Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;) Oh, I actually didn't know about that! Coolio

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-24 Thread The Central Scroutinizer
IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do is style;@/* ;) simple as that. More details@ http://www.ecqurity.com/adv/IEstyle.html Seems to work with IE 6 .0 on Windows XP SP2 Beta 2 as well !!! ___ Full-Disclosure - We

[Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-23 Thread Phuong Nguyen
Hey, I thought you guys might want to know that it only takes 11 bytes to crash IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do is style;@/* ;) simple as that. More details@ http://www.ecqurity.com/adv/IEstyle.html Phuong

Re: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-23 Thread Phuong Nguyen
Oh, I actually didn't know about that! Coolio ;) !! Phuong At 12:47 AM 7/24/2004, Marcel Krause wrote: Hi! There is a similar Bug using about:input%20type%20crash . Well i think that's old news to you :) Yours, Marcel ___ Full-Disclosure - We believe in

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-23 Thread Schmidt, Michael R.
:18 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Crash IE with 11 bytes ;) Hey, I thought you guys might want to know that it only takes 11 bytes to crash IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do is style;@/* ;) simple as that. More details@ http

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-23 Thread Phuong Nguyen
PROTECTED] Subject: [Full-Disclosure] Crash IE with 11 bytes ;) Hey, I thought you guys might want to know that it only takes 11 bytes to crash IE 5.x , 6.x SP1. CSS memory corruption vulnerability. All you need to do is style;@/* ;) simple as that. More details@ http://www.ecqurity.com/adv

RE: [Full-Disclosure] Crash IE with 11 bytes ;)

2004-07-23 Thread Phuong Nguyen
. I am a W2K user at work. ST -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Phuong Nguyen Sent: Friday, July 23, 2004 1:49 PM To: Marcel Krause Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;) Oh, I actually didn't know about