Next message: terry white: "Re: Fwd: Please post this anonymously (without my email-address and such)"
> In data 23/10/01 18.53, Holmes, Ben ha scritto a
> <vuln-devat_private> il seguente messaggio:
>
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >I usually use Opera browser (it truly is a fast browser), and it just
> closed
> >when I went to a link...
> >
> >The link was "http://www.malware.com/hello.html";
> >
> >In Netscape, it is supposed to play a sound file...
> >
> >In I.E it just comes up and allows to view source.
> [...]
>
> No crash here with this system:
> Opera 5.12
> Build 932
> No Java Runtime
> Language Italian
> O.S. Win98 first ed. (italian).
> Clicking on View Source button, just return a "404 Not Found" message.
Correct. On our Opera 5.10 Build 902 on Windows 98 ALSO with "No Java
Runtime Environment installed" -- no crash either.
Here's the inside scoop:
On the page http://www.malware.com/notscape.html is the exact same url
scheme as is on hello.html with one exception.
data:[<mediatype>][;base64],<data> with image/gif only requires the input of
the actual image file encoded in base64. Nothing more. However, to make the
sound file work [data:audio/wav;base64...] we found that in order to invoke
the applicable plug-in, in Netscape, we had to add the actual file
extension:
.wav
This is encoded and incorporated in the data:audio/wav;base64..............
....Ly53YXYAUADrAVYCAAAAAAAAAAAAAAAAAAAAAAAAAA==<~~~ at the tail-end
translates to:
/.wav
If it's not crashing on the first page ..notscape.htmlwith the image/gif and
no necessary file extension needed, but on the hello.html it could be caused
by that. Additionally test whether the amount of base64 encoding in fact has
an affect, by simply chopping out all or most of the encoded wav file and
only leave the incorporated encoded file extension and the marker [RIFF�
WAVEfmt � U � àÄ’j{�z¸Ÿ] at the begining:
<embed
src="data:audio/wav;base64,UklGRs4VAABXQVZFZm10IB4AAABVAAEA4C4AAMQJAAABAAAADAABAAIAAADwAAIAcQVmYWN0BAAAAO9eAABkYXRhkBUAAP/jNMQAAAACWyFAAAD0HfEsN+NC35BRlg9T/DBArckx7/8ujjG2Whx//jTKIDZlqMlVkl4NuaQrJpwfm4yhgToZMrWofYas1Qya//LDVo5GspeYzSEiEILA6B4oNuf/jJMSfGMJGo/gYRcLxBkU4FFiQFCopiwFCRJ8XMjI9uAhcy2vSEhcz1sM//4CZxRH////////////////////////////////////////////////////////////////jNMSPGAGCCABI0xD////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////jJMSyAYACWyAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////w==Ly53YXYAUADrAVYCAAAAAAAAAAAAAAAAAAAAAAAAAA=="
autostart=true width=0 height=0 loop=true>
Lastly, the view-source protocol is only netscape and explorer specific.
---
http://www.malware.com
_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/
This archive was generated by hypermail 2b30
: Wed Oct 24 2001 - 11:36:30 PDT