[10433] in bugtraq
Re: MSIE 5 favicon bug
daemon@ATHENA.MIT.EDU (Flavio Veloso)
Tue May 4 20:05:41 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSI.4.02A.9905041401020.4114-100000@trex.centroin.com.br>
Date: Tue, 4 May 1999 14:15:56 -0300
Reply-To: Flavio Veloso <flaviovs@CENTROIN.COM.BR>
From: Flavio Veloso <flaviovs@CENTROIN.COM.BR>
X-To: Kurt Seifried <listuser@seifried.org>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <002301be95e6$a7e56d00$1400010a@seifried.org>
On Mon, 3 May 1999, Kurt Seifried wrote:
> > When MSIE 5 users bookmark a page, the browser will request a file
> > named "favicon.ico" which is to be used in the "Favorites" menu of the
> > browser. Unfortunately MSIE 5 doesn't check the file integrity and
> > crash if faced with a bad-formed icon file.
> >
> > Upon crashing the stack gets filled with information from the icon
> > file itself, so it may be possible to run code on the client machine,
> > tough I didn't test it.
>
> Doesn't work for me. NT Server 4.0, SP4, MSIE 5.0 (5.00.2314.1003). Tried
> repeatedly.
Due to some reports, it seems that NT users aren't affected. The GPF
is triggered in the USER.EXE module which I bet is different from the
one on Win 95/98, where I did my tests. You're the first one to report
that OSR/2 isn't affected which sounds very strange to me, since it
came (I believe) before 98.
> > Microsoft was notified twice about this issue via the "Report a Bug"
> > form on their web site. The first time about one month ago, the second
> > time about two weeks ago. I didn't receive back any reply.
>
> Tried it from a couple of Win95 (OSR/2, no patches) machines with MSIE 5.0,
> no crash either... if anyone can replicate this I'd be curious to know. How
> have you gone about testing this? Which platform(s)? Win98 only?
I tested it in two different machines:
* Windows 95 + IE 5.00.2314.1003
* Windows 98 + IE 5.00.2314.1003IS (the "IS" is because this is
a Portuguese version of the browser, I guess)
Both crashed miserably.
--
Flavio
