[7518] in bugtraq
Re: Object tag crashes Internet Explorer 4.0
daemon@ATHENA.MIT.EDU (Paul Leach)
Tue Aug 4 17:28:56 1998
Date: Tue, 4 Aug 1998 13:57:39 -0700
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
X-To: Adam Monaghan <adamm@GORGE.NET>
To: BUGTRAQ@NETSPACE.ORG
On the contrary -- Jason's claim was correct. Your example uses a different
object tag and it completely different in nature from the bug that was
fixed: the bug had to do with excessively long file names in HTLM tags,
yours has to do with infinite recursion. Yours can not be exploited to run
untrusted code, unlike the other.
The possibility of infinite loops and infinite recursion in HTML has been
discussed on the lists before. Trying to detect and prevent them is an
instance of the "Turing machine halting" problem, and it is well known among
computer scientists to be impossible.
> -----Original Message-----
> From: Adam Monaghan [mailto:adamm@GORGE.NET]
> Sent: Thursday, July 30, 1998 9:34 AM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Object tag crashes Internet Explorer 4.0
>
>
> I hate to question your credibility, but you're wrong, im on
> win98 with the
> latest version of IE and the object tag will crash my browser
> and trash my
> systray just like on any other machine, of course the one we
> used wasn't the
> one at the bottom, you have an html file called the data
> object <object
> data="crashmehtml.html"></object> in other words, put that
> tag in an html
> file called crashmehtml.html. We got a kick out of it in the office
>
