Microsoft IE iframe src DoS already reported to Microsoft
Security Professionals,
On Wednesday, April 7, 2004, Emmanouel Kellinis reported to Bugtraq that
the following HTML tag would cause IE to crash:
<iframe src="?">
Please see post:
http://www.securityfocus.com/archive/1/359767/2004-04-05/2004-04-11/0
I discovered this bug in January 2004 and reported it to Microsoft on
January 28, 2004.
After working with Microsoft, I decided to wait until the bug was fixed
before announcing it. In my opinion, this is part of responsible
disclosure.
I hope Microsoft will publicly reply to this post and confirm that I was
the individual who originally reported the bug to them.
'ken'@FTU
--
====================================
http://www.ftusecurity.com
Serving Straight HTML Since '02
====================================