[90360] in Cypherpunks
Synergy between IE4 bug and Intel flaw
daemon@ATHENA.MIT.EDU (stewarts@ix.netcom.com)
Tue Nov 18 16:55:57 1997
From: stewarts@ix.netcom.com
Date: Tue, 18 Nov 1997 10:33:54 -0800
To: cypherpunks@toad.com
Original-From: Bill Stewart <stewarts@ix.netcom.com>
Reply-To: stewarts@ix.netcom.com
RISKS DIGEST 19.46 http://catless.ncl.ac.uk/Risks/19.46.html
has several articles on the Pentium F00FC7C8 bug.
Apparently there are workarounds for it, but there's also the article below.
(Also, Microsoft has supposedly issued a fix for the IE4 bug,
but fat chance on everybody deploying it quickly enough.)
-----------------------------------------
Date: Wed, 12 Nov 1997 08:27:05 -0700 (MST)
From: Jonathan Levine <jonathan@canuck.com>
Subject: Synergy between IE4 bug and Intel flaw
By now I'm sure you've heard about this delightful synergy:
> ------- Forwarded Message
> Date: Tue, 11 Nov 1997 06:53:45 -0500
> From: "Per Hammer" <phammer@raleigh.ibm.com>
> Subject: New IE4 security hole exploited ...
>
> http://www.wired.com/news/news/technology/story/8429.html
>
> The deal is, if your use a 'RES://' URL that us longer than 256 characters,
> byte 257 onwards will be executed as machine code. Now ... think ...
> F0 0F C7 C8
>
> Which is only slightly less malicious than deleting any files ...
>
> Per Hammer phammer@raleigh.ibm.com
