class101
01-11-05, 17:19
I think I have found by chance this weekend a security bug,while browsing the website news, within iexplorer on all windows versions.
I haven't enough knowledge (and don't want) into web browsers security to conduct a full investigation, at least,
I took the source of the webpage and with a simple split method on the html code, it's now reduce to some line of html code and a .css file to trigger the bug.
And by the way the crash looks like to happen each time now instead of sometimes while browsing the affected website.
my tests(updated to 01 Nov. 2005):
Windows NT4 Workstation SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows NT4 Server SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows 2k Workstation SP4 ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows 2k Server SP4 ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows XP Professional SP1 ENGLISH 64-bit (IE32-6.0.3790.1830) -CRASH-
Windows XP Professional SP1 ENGLISH 64-bit (IE64-6.0.3790.1830) -CRASH-
Windows XP Professional SP2 ENGLISH 32-bit (IE32-6.0.2900.2180) -CRASH-
Windows XP Professional SP1 ENGLISH 32-bit (IE32-6.0.2900.1106) -CRASH-
Windows 2k3 Server Std SP1 ENGLISH 32-bit (IE32-6.0.3790.1830) -CRASH- (silently exiting, no crash box...)
let's crash your browser
http://heapoverflow.com/IEcrash.htm (ONLINE test)
http://heapoverflow.com/IEcrash.rar (OFFLINE package)
;>
note: haven't attempted to reduce the size of the .css , so it's prolly possible to split it and to find what into the .css file, in addition of the 6 html lines , is causing this crash.
Passing the work to browser's experts..
I haven't enough knowledge (and don't want) into web browsers security to conduct a full investigation, at least,
I took the source of the webpage and with a simple split method on the html code, it's now reduce to some line of html code and a .css file to trigger the bug.
And by the way the crash looks like to happen each time now instead of sometimes while browsing the affected website.
my tests(updated to 01 Nov. 2005):
Windows NT4 Workstation SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows NT4 Server SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows 2k Workstation SP4 ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows 2k Server SP4 ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-
Windows XP Professional SP1 ENGLISH 64-bit (IE32-6.0.3790.1830) -CRASH-
Windows XP Professional SP1 ENGLISH 64-bit (IE64-6.0.3790.1830) -CRASH-
Windows XP Professional SP2 ENGLISH 32-bit (IE32-6.0.2900.2180) -CRASH-
Windows XP Professional SP1 ENGLISH 32-bit (IE32-6.0.2900.1106) -CRASH-
Windows 2k3 Server Std SP1 ENGLISH 32-bit (IE32-6.0.3790.1830) -CRASH- (silently exiting, no crash box...)
let's crash your browser
http://heapoverflow.com/IEcrash.htm (ONLINE test)
http://heapoverflow.com/IEcrash.rar (OFFLINE package)
;>
note: haven't attempted to reduce the size of the .css , so it's prolly possible to split it and to find what into the .css file, in addition of the 6 html lines , is causing this crash.
Passing the work to browser's experts..