[37114] in bugtraq
Re: Update: Web browsers - a mini-farce (MSIE gives in)
daemon@ATHENA.MIT.EDU (MCMuir@dstoutput.com)
Thu Oct 28 13:03:15 2004
From: MCMuir@dstoutput.com
In-Reply-To: <20041025150044.21995.qmail@www.securityfocus.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <OFDCE35045.7B4071FD-ON86256F3A.0063BEA8-88256F3A.0063FFCA@dstsystems.com>
Date: Wed, 27 Oct 2004 11:09:55 -0700
Content-Type: text/plain; charset="US-ASCII"
6.0.2800.1106 on Win 2k Pro (5.00.2195 SP4) does not crash.
-mike
<gabrield89@hotmail.com> wrote on 10/25/2004 08:00:44 AM:
> In-Reply-To: <20041023001154.F23256@dekadens.coredump.cx>
>
> >
>
> >Last but not least, MSIE gives in:
>
> >
>
> >> Only MSIE appears to be able to consistently handle [*] malformed
>
> >> input well, suggesting this is the only program that underwent
>
> >> rudimentary security QA testing with a similar fuzz utility.
>
> >
>
> >To all those who considered my original post to be a great propaganda
>
> >ammunition for praising MSIE, bad news - although it did take a longer
>
> >while for it to give up - three hours - (impressive by comparison to
>
> >competitors), it eventually did:
>
> >
>
> > http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
>
> >
>
> >Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
>
> >dereference, so merely a DoS condition, but still an evident flaw in
>
> >basic HTML parsing.
>
> >
>
>
>
> Testing on Windows 98 running IE 6.0.2800.1106. Nothing happens. IE
> does not crash. Can anyone else confirm this?
