[10432] in bugtraq

Re: MSIE 5 favicon bug

daemon@ATHENA.MIT.EDU (Kurt Seifried)
Tue May 4 20:05:40 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <002301be95e6$a7e56d00$1400010a@seifried.org>
Date: 	Mon, 3 May 1999 22:29:10 -0600
Reply-To: Kurt Seifried <listuser@SEIFRIED.ORG>
From: Kurt Seifried <listuser@SEIFRIED.ORG>
X-To:         Flavio Veloso <flaviovs@CENTROIN.COM.BR>
To: BUGTRAQ@NETSPACE.ORG

> Hi folks.
>
> When MSIE 5 users bookmark a page, the browser will request a file
> named "favicon.ico" which is to be used in the "Favorites" menu of the
> browser. Unfortunately MSIE 5 doesn't check the file integrity and
> crashes if faced with a badly formed icon file.
>
> Upon crashing the stack gets filled with information from the icon
> file itself, so it may be possible to run code on the client machine,
> though I didn't test it.

Doesn't work for me. NT Server 4.0, SP4, MSIE 5.0 (5.00.2314.1003). Tried
repeatedly.

> Microsoft was notified twice about this issue via the "Report a Bug"
> form on their web site. The first time about one month ago, the second
> time about two weeks ago. I didn't receive back any reply.

Tried it from a couple of Win95 (OSR/2, no patches) machines with MSIE 5.0,
no crash either... if anyone can replicate this I'd be curious to know. How
have you gone about testing this? Which platform(s)? Win98 only?

> More information about this bug (plus another privacy issue about the
> "favicon.ico" file) is available at
> http://web.cip.com.br/flaviovs/sec/favicon/index.html.
>
> --
> Flavio

-Kurt Seifried, MCP+I, MCSE
https://www.seifried.org/kurt/
Linux Administrators Security Guide
https://www.seifried.org/lasg/
