IE 5.-6 CSS parsing error

From: Dmitry Leonov (dlat_private)
Date: Sat Jun 15 2002 - 04:46:40 PDT

Next message: I'm I: "malicious PHP source injection"

Previous message: Francis Favorini: "RE: wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Sc ripting"
In reply to: Arun D. Qamra: "Re: IGMP denial of service vulnerability"
Next in thread: patpro: "Re: IE 5.-6 CSS parsing error"
Next in thread: Nick Roffey: "RE: IGMP denial of service vulnerability"
Reply: patpro: "Re: IE 5.-6 CSS parsing error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Two days ago I received report from Oleg A. Cheremisin regarding
CSS parsing problem in Internet Explorer.
Internet Explorer (versions 5,5.5/Windows'98 and 6.0/XP have been
tested) as well as software which uses IE engine for html pages
displaying (like Outlook Express) crashes while trying to parse
CSS table (internal or external) with element p{cssText: font-weight:
bold;} 
Perhaps it was supposed that property cssText can be used only in
scripts. It seems that there is no buffer overflow, but this
vulnerability still can be used for DoS attacks.

Description:
http://www.bugtraq.ru/rsn/archive/2002/06/22.html
Demonstration:
http://www.bugtraq.ru/rsn/archive/2002/06/.keep/.msiecrash.html 

-- 
Yours sincerely,        mailto:dlat_private
Dmitry Leonov          http://www.bugtraq.ru

Next message: I'm I: "malicious PHP source injection"
Previous message: Francis Favorini: "RE: wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Sc ripting"
In reply to: Arun D. Qamra: "Re: IGMP denial of service vulnerability"
Next in thread: patpro: "Re: IE 5.-6 CSS parsing error"
Next in thread: Nick Roffey: "RE: IGMP denial of service vulnerability"
Reply: patpro: "Re: IE 5.-6 CSS parsing error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 15 2002 - 09:06:11 PDT