Supprimer un message
zion
Après la faille du back (qui sera pas corrigée car ce n'est pas une situation normale que de cliquer sur back!), voila de quoi planter nos jolis brouteurs!
Cliquez la dessus et poum, plus d'IE
http://www.sztolnia.pl/hack/xbmbug/xbmbug.eml
Thought this was interesting way to give Internet Explorer a mild headache, that I spotted while browsing Securiteam.
Internet Explorer allows the usage of XBM graphic files and tries to display them whenever they are used in any HTML file [as IMG tag] or when attached to an e-mail.
A vulnerability has been found in the way Internet Explorer handles malformed XBM files, where it is possible for a malicious user to cause the IE to crash whilst consuming a large amount of CPU and memory (which is not freed upon the completion of the crash).
Vulnerable systems: Internet Explorer 5.5, 6.0, Outlook Express 5.0, 6.0
The vunerability exists because IE does not check the width and height of the image defined in a XBM file, so you may write whatever you want and IE will try to interpret it.
IE will take these width and heigh dimensions and try to allocate enough memory for an oversized buffer which results in forcing the browser/e-mail client to hang up, ending up in their silent exit because of the Access Violation exception inside mshtml.dll.
When previewed for example in Outlook Express, malformed e-mail may force this client to exit (and others that rely on IE).
Source:
http://www.neowin.net/comments.php?id=4283&category=main
Cliquez la dessus et poum, plus d'IE
http://www.sztolnia.pl/hack/xbmbug/xbmbug.eml
Thought this was interesting way to give Internet Explorer a mild headache, that I spotted while browsing Securiteam.
Internet Explorer allows the usage of XBM graphic files and tries to display them whenever they are used in any HTML file [as IMG tag] or when attached to an e-mail.
A vulnerability has been found in the way Internet Explorer handles malformed XBM files, where it is possible for a malicious user to cause the IE to crash whilst consuming a large amount of CPU and memory (which is not freed upon the completion of the crash).
Vulnerable systems: Internet Explorer 5.5, 6.0, Outlook Express 5.0, 6.0
The vunerability exists because IE does not check the width and height of the image defined in a XBM file, so you may write whatever you want and IE will try to interpret it.
IE will take these width and heigh dimensions and try to allocate enough memory for an oversized buffer which results in forcing the browser/e-mail client to hang up, ending up in their silent exit because of the Access Violation exception inside mshtml.dll.
When previewed for example in Outlook Express, malformed e-mail may force this client to exit (and others that rely on IE).
Source:
http://www.neowin.net/comments.php?id=4283&category=main