[NEWS] - Internet Explorer's dumbest bug ever revealed

[Handruin]

BORED OF CREATING buffer overflow possibilities and security gaps an electronic elephant could walk through, Microsoft's Internet Explorer development team has turned its attention to good old HTML. Thankfully, this bug just crashes IE. Embarrassingly for the Vole, it's done with just one malformed line of HTML.
The bug is listed on BugTraq as requiring five lines of HTML but, after a small amount of experimentation, you'll find that it can be done with just one line of HTML. The offending line?

<input type crash>

In fact, the word "crash" doesn't really make any difference; you can put "calamari" or "IE sucks" in there and it will still go belly up.

So the Vole has definitely managed to outdo itself this time. According to Neowin, Outlook, Frontpage and anything else that uses shlwapi.dll suffers the same fate. So that simple line of malformed HTML could stop you from reading your email too.

 

[zx]

LOL. Now they have to find a character that will bug IE .

 

[Mercutio]

I know it'll be fixed and everything, but it absolutely stuns me that something like that could make it through QA. MS code is supposed to reviewed and whiteboarded before being committed to the product. Something like that would be basic error checking.

 

[CougTek]

I know it'll be fixed and everything, but it absolutely stuns me that something like that could make it through QA.

I thought it was common knowledge that MS' QA was their customers.

 

[Howell]

Embarassing.
What is code of that syntax normally used to do?

 

[Handruin]

<INPUT ...>
TYPE = TEXT | CHECKBOX | RADIO | PASSWORD | HIDDEN | SUBMIT | RESET | BUTTON | FILE | IMAGE

Used for interaction with forms and a variety of other things.

 

[Handruin]

Code in action for IE users: (may crash your browser, it does for me)

www.handruin.com/crash.html

 

[Jan Kivar]

Code in action for IE users: (may crash your browser, it does for me)

www.handruin.com/crash.html

Works nicely... :evil:

Jan

 

[Tea]

Yup: one crashed browser.

Works fine with Mozilla and Opera, doesn't show the box with Netscape 4.x but doezn't crazh either. That was IE 6.0.

PS: see my Zig.

 

[Buck]

Ditto -- IE 6.0 took a dump. I wonder if MS found this error through the Send Error Report feature?

 

[Mickey]

That was fun.

IE 5.5 crashed. Just one more reason I love using Mozilla.

 

[Fushigi]

Here's a 'newly discovered' security bug for Passport:

DATE: May 8th, 2003
PRODUCTS AFFECTED: Passport

WHAT IS IT?
The PSS Security Team is issuing this alert to inform customers of a vulnerability that was recently reported in the Passport service. Information on Passport can be found at this website http://www.passport.com. This vulnerability could have allowed the compromise of the Passport service password.

IMPACT OF VULNERABILITY: Compromise of passport service password.

ADDITIONAL DETAILS:
Microsoft was alerted to a new vulnerability in the Passport service in the evening on May 7th, 2003. Specifically, there is a mechanism where users who cannot remember their password, and need to reset it, can do so using the email address associated with their account. That email address would receive an email with a link allowing the user to reset the account. The vulnerability could have allowed an attacker to change the password to an account by redirecting the reset email to a different address. To protect customers, Microsoft responded by temporarily disabling the feature by which customers can reset their passwords via e-mail. Microsoft also removed the vulnerable webpage interface and is working to remove the vulnerability and re-enable functionality.

Customers can still change their passwords at http://www.passport.com.

Users who are able to sign in to Passport were not affected by this vulnerability and can be assured that their Passport password was not compromised using this vulnerability. Users who are unable to sign in to the Passport service might be experiencing a variety of support issues or their account may have been compromised due to this vulnerability. Customers who are unable to sign-in should contact Product Support Services using this link: http://register.passport.net/contactus.srf

Please visit http://www.microsoft.com/security for the most current information on this alert.

If you have any questions regarding this alert please contact me. Thank you.

Jerry Johanes
Microsoft Technical Account Manager, MCSE
E-Mail: xxxxxxx@microsoft.com
Work Phone: (xxx) xxx-xxxx
Cellular Phone: (xxx) xxx-xxxx
https://premier.microsoft.com

- Fushigi

 

[GMac]

Another deceased I.E 6 - how do they manage it? (shame I can't use Mozilla at work.....)

GM

 

[SteveC]

Five lines that crash Mozilla:

<html>
<fieldset style="position:fixed;">
<legend>Crash</legend>
</fieldset> 
</html>

Crash your browser here.

 

[Buck]

So StevenC, why does the style="position:fixed;" attribute crash the Gecko engine?

 

[SteveC]

So StevenC, why does the style="position:fixed;" attribute crash the Gecko engine?

I don't know. The bug report is here.

 

[CougTek]

Five lines that crash Mozilla:

<html>
<fieldset style="position:fixed;">
<legend>Crash</legend>
</fieldset> 
</html>

Crash your browser here.

Just want to report that the above no longer makes Mozilla Firebird crashes. Bug has been fixed.

 

[blakerwry]

yup, no crashes here man.