On Mon, 3 May 1999, Kurt Seifried wrote: > > When MSIE 5 users bookmark a page, the browser will request a file > > named "favicon.ico" which is to be used in the "Favorites" menu of the > > browser. Unfortunately MSIE 5 doesn't check the file integrity and > > crash if faced with a bad-formed icon file. > > > > Upon crashing the stack gets filled with information from the icon > > file itself, so it may be possible to run code on the client machine, > > tough I didn't test it. > > Doesn't work for me. NT Server 4.0, SP4, MSIE 5.0 (5.00.2314.1003). Tried > repeatedly. Due to some reports, it seems that NT users aren't affected. The GPF is triggered in the USER.EXE module which I bet is different from the one on Win 95/98, where I did my tests. You're the first one to report that OSR/2 isn't affected which sounds very strange to me, since it came (I believe) before 98. > > Microsoft was notified twice about this issue via the "Report a Bug" > > form on their web site. The first time about one month ago, the second > > time about two weeks ago. I didn't receive back any reply. > > Tried it from a couple of Win95 (OSR/2, no patches) machines with MSIE 5.0, > no crash either... if anyone can replicate this I'd be curious to know. How > have you gone about testing this? Which platform(s)? Win98 only? I tested it in two different machines: * Windows 95 + IE 5.00.2314.1003 * Windows 98 + IE 5.00.2314.1003IS (the "IS" is because this is a Portuguese version of the browser, I guess) Both crashed miserably. -- Flavio
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:45 PDT