Home - Archives

Previous: SharpMT - Offline windows editor for MT
Next: More about Opera
May 04, 2003

Unbelievable effort to support tags in IE ;-)

This is a funny bug found in Internet Explorer (and all other software where the HTML rendering libraries are used, such as Outlook and co.).

By including <input type crash> in your HTML code, it is actually possible to get Internet Explorer & co to crash! Talk about compliance.

Check out the bug report: Secunia - Advisories - Microsoft Shell Light-Weight Utility Library Denial of Service

Reportedly, the vulnerability can be exploited to crash the following applications: - Windows Explorer - Internet Explorer - Outlook - Outlook Express - Frontpage

NOTE: Other applications may also be affected.


Solution:
There is no immidiate solution available.

If this is regarded as a serious risk, then don't view untrusted HTML documents. Use another browser that isn't linked to the vulnerable library when surfing the Internet.

Yet another good reason to switch to Opera!

Disclaimer: I am norwegian, and so is Opera Software. Unfortunately I don't own any stocks in the company ;-)


Comments

You actually dont need the crash.
will work just as well.

Posted by: Sean Clark - kl: 02:57, 04 May, 2003 - #834

ooops. the comments stripped the html.
You dont need the crash, only this: <input type>

Posted by: Sean Clark - kl: 02:59, 04 May, 2003 - #835

It will crash with anything you put after the type. try:

input type nothing

Regards,

Miguel Moreno
miguel@mxer.com

Posted by: Miguel Moreno - kl: 03:23, 04 May, 2003 - #836

Sean,

You beat me. I was just going to mention that....

Regards,

Miguel Moreno

Posted by: Miguel Moreno - kl: 03:24, 04 May, 2003 - #837

I tried that on all my browsers and they didn't crash? You sure its [input type nothing] (replaced the square brackets with the normal HTML brackets..)

Posted by: Scott Barnes - kl: 04:34, 04 May, 2003 - #838

You starting to promote Opera, Jarle? :)

Disclaimer: Not Norwegian, don't own stocks in Opera, but do work for them ;-)

Posted by: Remco - kl: 12:43, 04 May, 2003 - #842

Hi Remco, Opera is a great browser and I have been pushing it whenever I have had the chance. With 7 it has really become a grown up browser with a lot of UI enhancements that I miss in other browsers (I am sure Microsoft will follow with gestures pretty soon).

The amazing thing is that the browser is still lightening fast, even with its amazing CSS/HTML rendering support. The only thing I miss is support for XML. Its nice to be able to browse XML documents as threes in IE, would have been great with something simular in Opera.

Posted by: Jarle - kl: 14:24, 04 May, 2003 - #843

Have to agree there, support for XML treeview would be indeed quite nice.

There's been some discussion about this ( http://my.opera.com/forums/showthread.php?s=&threadid=18078&highlight=xml ) on the Opera forums, but it doesn't seem like the developers are very enthousiastic about it.

Posted by: Remco - kl: 13:32, 06 May, 2003 - #853
Trackbacks
URL for trackbacks:
http://weblog.bergersen.net/cgi-bin/mt/mt-tb.cgi/91

Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?