Here's a
detailed description of what's going wrong with [STYLE]@;/* The
problem is the unterminated comment "/*"; IE computes the length of the
comment for a memcpy operation by subtracting the end pointer from
the start pointer. The comment starts behind "/*" and should end at "*/",
no detailed investigation.
Cheers,
SkyLined
- Original Message -
From: Phuong Nguyen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 19:17
Subject: [Full-Disclosure] Crash IE with 11 bytes ;)
Hey,
I thought you guys might want to know that it only takes 11 bytes
Here's a detailed description of what's going wrong with [STYLE]@;/*
The problem is the unterminated comment /*; IE computes the length of
the comment for a memcpy operation by subtracting the end pointer from
the start pointer. The comment starts behind /* and should end at */,
but since
Sent: Monday, July 26, 2004 7:44 AM
To: [EMAIL PROTECTED]; 'Phuong Nguyen'; 'Marcel Krause'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Crash IE with 11 bytes ;)
Yeah about:input%20type%20crash did crash IE, on my win 2K system.
Even the following works in IE (not in Mozilla/5.0
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephen Taylor
Sent: Saturday, July 24, 2004 1:20 AM
To: 'Phuong Nguyen'; 'Marcel Krause'
Cc: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Crash IE with 11 bytes ;)
I don't understand the effect it has on Mozilla. It certainly
Yeah I saw this on July 5 on SecuriTeam. Your stuff, isn't it?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phuong
Nguyen
Sent: Friday, July 23, 2004 1:18 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Crash IE with 11 bytes ;)
Hey,
I thought you
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phuong
Nguyen
Sent: Friday, July 23, 2004 1:49 PM
To: Marcel Krause
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Oh, I actually didn't know about that! Coolio ;) !!
Phuong
At 12:47 AM 7/24/2004, Marcel Krause
: Friday, July 23, 2004 1:49 PM
To: Marcel Krause
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Oh, I actually didn't know about that! Coolio ;) !!
Phuong
At 12:47 AM 7/24/2004, Marcel Krause wrote:
Hi!
There is a similar Bug using about:input
hi,
I thought you guys might want to know that it only takes 11 bytes to crash
IE 5.x, 6.x SP1. CSS memory corruption vulnerability. All you need to do
is style;@/* ;) simple as that. More details@
http://www.ecqurity.com/adv/IEstyle.html
IE 5.01 SP2 seems to be immune. tested at least
user at work.
ST
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phuong
Nguyen
Sent: Friday, July 23, 2004 1:49 PM
To: Marcel Krause
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Oh, I actually didn't know about that! Coolio
IE 5.x, 6.x SP1. CSS memory corruption vulnerability. All you need to do
is style;@/* ;) simple as that. More details@
http://www.ecqurity.com/adv/IEstyle.html
Seems to work with IE 6.0 on Windows XP SP2 Beta 2 as well !!!
___
Full-Disclosure - We
Hey,
I thought you guys might want to know that it only takes 11 bytes to crash
IE 5.x, 6.x SP1. CSS memory corruption vulnerability. All you need to do
is style;@/* ;) simple as that. More details@
http://www.ecqurity.com/adv/IEstyle.html
Phuong
Oh, I actually didn't know about that! Coolio ;) !!
Phuong
At 12:47 AM 7/24/2004, Marcel Krause wrote:
Hi!
There is a similar Bug using about:input%20type%20crash .
Well I think that's old news to you :)
Yours, Marcel
___
Full-Disclosure - We believe in
:18 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Crash IE with 11 bytes ;)
Hey,
I thought you guys might want to know that it only takes 11 bytes to crash
IE 5.x, 6.x SP1. CSS memory corruption vulnerability. All you need to do
is style;@/* ;) simple as that. More details@
http
PROTECTED]
Subject: [Full-Disclosure] Crash IE with 11 bytes ;)
Hey,
I thought you guys might want to know that it only takes 11 bytes to crash
IE 5.x, 6.x SP1. CSS memory corruption vulnerability. All you need to do
is style;@/* ;) simple as that. More details@
http://www.ecqurity.com/adv
. I am a W2K user at work.
ST
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phuong
Nguyen
Sent: Friday, July 23, 2004 1:49 PM
To: Marcel Krause
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
Oh, I actually didn't know about