[ISN] Bug can crash IE 4.01

From: <jericho_at_dimensional.com>
Date: Sun 22 Mar 1998 - 21:02:53 CST
   Bug can crash IE 4.01
   By Alex Lash
   Staff Writer, CNET NEWS.COM
   March 17, 1998, 12:35 p.m. PT
   
   A new bug that crashes Microsoft's Internet Explorer 4.01 browser is an
   annoyance but does not seem to pose a security threat.
   
   Because of the flaw, a Web page designer can exploit the HTML "object" tag to
   make a user's browser crash and most likely force him to restart the system.
   The bug has been tested and found on IE 4.01 for Windows 95 and NT 4.0
   systems.
   
   Microsoft acknowledged the bug but stressed that a mischievous programmer must
   add a specific block of HTML to his Web site to affect users.
   
   The worst-case risk apparently is loss of any unsaved data and settings when
   the browser crashes. Neither Microsoft nor Abe Getchell, a system
   administrator who posted news of the bug to the Bugtraq mailing list
   yesterday, has found more serious security implications. Microsoft isn't in a
   hurry to fix the problem.
   
   "Microsoft has no current plans to implement a fix for these issues," a
   spokeswoman said. She added that Microsoft always works to improve the browser
   but declined to comment on release dates of future upgrades or "maintenance
   releases."
   
   Bugs in Internet software draw great attention because of the possibility of
   network security breaches from the outside. Security flaws in both Microsoft
   and Netscape Communications' browsers have allowed, at least theoretically,
   the viewing or pilfering of users' local files. But few if any cases of actual
   mischief have ever been detected or reported.
   
   "Personally, I think that bugs like these in commercial software are
   unacceptable, but I can understand why [Microsoft] took the position it did,"
   Getchell wrote in his posting to Bugtraq. He was not immediately available for
   further comment.
   
   The problem has three variations based on slight changes to the HTML,
   according to Getchell. All three variations cause the browser to get stuck in
   a loop and either crash or eat up system memory.
   



-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Sun Mar 22 20:20:31 1998