Re: Update: Web browsers - a mini-farce (MSIE gives in)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Update: Web browsers - a mini-farce (MSIE gives in)
From: <gabrield89@xxxxxxxxxxx>
Date: 25 Oct 2004 15:00:44 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20041023001154.F23256@xxxxxxxxxxxxxxxxxxxx>

>
>Last but not least, MSIE gives in:
>
>>   Only MSIE appears to be able to consistently handle [*] malformed
>>   input well, suggesting this is the only program that underwent
>>   rudimentary security QA testing with a similar fuzz utility.
>
>To all those who considered my original post to be a great propaganda
>ammunition for praising MSIE, bad news - although it did take a longer
>while for it to give up - three hours - (impressive by comparison to
>competitors), it eventually did:
>
>  http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
>
>Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
>dereference, so merely a DoS condition, but still an evident flaw in
>basic HTML parsing.
>

Testing on Windows 98 running IE 6.0.2800.1106. Nothing happens. IE does not 
crash. Can anyone else confirm this?

Follow-Ups:
- Re: Update: Web browsers - a mini-farce (MSIE gives in)
  - From: MCMuir

Prev by Date: Mozilla Firefox (tested on 0.9.3) html-code crash.
Next by Date: Re: [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in)
Previous by thread: Re: Update: Web browsers - a mini-farce (MSIE gives in)
Next by thread: Re: Update: Web browsers - a mini-farce (MSIE gives in)
Index(es):
- Date
- Thread