John Hardin's HTML trap for procmail (I've been helping him expand it to close the Outlook/Netscape long file name hole) defangs OBJECT tags too. See the "Notes" section on the bottom of the page at http://www.wolfenet.com/~jhardin/procmail-kit.html John deserves a lot of credit. His package lays the groundwork for a whole BUNCH of protective "safety nets" that can prevent e-mail exploits. (I was planning to implement something like it to protect my users, but it would have taken me WEEKS if I'd started from scratch. A fix based on his work took less than a day to create.) Everyone on this list who has some understanding of procmail and regular expressions should review the filters at the above URL and suggest improvements. --Brett At 05:06 PM 7/29/98 -0700, Brian Behlendorf wrote: >in message 19980728171036.5485.qmailat_private, Georgi Guninski ><guninskiat_private> told us about an Object Tag problem in MSIE 4.0. He >described it: > >> The <OBJECT> tag seems to crash Internet Explorer 4.0 under Win95 (don't >> know about other versions/OS). >> The following: >> <OBJECT CLASSID=____More than 250 characters here____></OBJECT> >> opens a dialog box "IEXPLORE: ...illegal operation" and closes IE 4.0, >> or a blue screen with "Fatal exception 0E" and you need to reboot. >> I don't think this is exploitable(?), but it is a bad "feature". > >This is good to know - the only problem is that as an attachment, Georgi also >appended an actual example of such an OBJECT tag: > >> -------------------------------------Cut here: Object.html ------- >> <HTML> >> Trying to crash IE 4.0 >> <OBJECT CLASSID=111...111111111> >> </OBJECT> >> </HTML> > >The '...' above being replaced with enough other 1's to do the deed. > >Of course, in doing so, my Win95/Eudora 4 Pro (which is configured to use MSIE >4.0 as its 'HTML browser') crashed before I could read his message. Crashed >the whole OS, actually, losing about 3 hours' worth of work. > >Now, you could say I have no right to complain, it's my own fault for running >ripshod software on a crappy OS, and I wouldn't argue. > >But I would still like to ask that posters to BugTraq, and other forums, >refrain from posting actual, "lethal" examples of the mailer bugs they are >talking about. At this time I'm unaware of any patch for this particular >problem, other than "use WordPad to read your mail" or "get a real OS". > >Thanks. > > Brian > > >--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- >"Common sense is the collection of prejudices | brianat_private >acquired by the age of eighteen." - Einstein | brianat_private >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:10:56 PDT