[NEWS] - Internet Explorer's dumbest bug ever revealed

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,927
Location
USA
BORED OF CREATING buffer overflow possibilities and security gaps an electronic elephant could walk through, Microsoft's Internet Explorer development team has turned its attention to good old HTML. Thankfully, this bug just crashes IE. Embarrassingly for the Vole, it's done with just one malformed line of HTML.
The bug is listed on BugTraq as requiring five lines of HTML but, after a small amount of experimentation, you'll find that it can be done with just one line of HTML. The offending line?

<input type crash>

In fact, the word "crash" doesn't really make any difference; you can put "calamari" or "IE sucks" in there and it will still go belly up.

So the Vole has definitely managed to outdo itself this time. According to Neowin, Outlook, Frontpage and anything else that uses shlwapi.dll suffers the same fate. So that simple line of malformed HTML could stop you from reading your email too.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
I know it'll be fixed and everything, but it absolutely stuns me that something like that could make it through QA. MS code is supposed to reviewed and whiteboarded before being committed to the product. Something like that would be basic error checking.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
Mercutio said:
I know it'll be fixed and everything, but it absolutely stuns me that something like that could make it through QA.
I thought it was common knowledge that MS' QA was their customers.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,927
Location
USA
<INPUT ...>
TYPE = TEXT | CHECKBOX | RADIO | PASSWORD | HIDDEN | SUBMIT | RESET | BUTTON | FILE | IMAGE

Used for interaction with forms and a variety of other things.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
Here's a 'newly discovered' security bug for Passport:

DATE: May 8th, 2003
PRODUCTS AFFECTED: Passport

WHAT IS IT?
The PSS Security Team is issuing this alert to inform customers of a vulnerability that was recently reported in the Passport service. Information on Passport can be found at this website http://www.passport.com. This vulnerability could have allowed the compromise of the Passport service password.

IMPACT OF VULNERABILITY: Compromise of passport service password.

ADDITIONAL DETAILS:
Microsoft was alerted to a new vulnerability in the Passport service in the evening on May 7th, 2003. Specifically, there is a mechanism where users who cannot remember their password, and need to reset it, can do so using the email address associated with their account. That email address would receive an email with a link allowing the user to reset the account. The vulnerability could have allowed an attacker to change the password to an account by redirecting the reset email to a different address. To protect customers, Microsoft responded by temporarily disabling the feature by which customers can reset their passwords via e-mail. Microsoft also removed the vulnerable webpage interface and is working to remove the vulnerability and re-enable functionality.

Customers can still change their passwords at http://www.passport.com.

Users who are able to sign in to Passport were not affected by this vulnerability and can be assured that their Passport password was not compromised using this vulnerability. Users who are unable to sign in to the Passport service might be experiencing a variety of support issues or their account may have been compromised due to this vulnerability. Customers who are unable to sign-in should contact Product Support Services using this link: http://register.passport.net/contactus.srf

Please visit http://www.microsoft.com/security for the most current information on this alert.

If you have any questions regarding this alert please contact me. Thank you.

Jerry Johanes
Microsoft Technical Account Manager, MCSE
E-Mail: xxxxxxx@microsoft.com
Work Phone: (xxx) xxx-xxxx
Cellular Phone: (xxx) xxx-xxxx
https://premier.microsoft.com

- Fushigi
 

SteveC

Storage is cool
Joined
Jul 5, 2002
Messages
789
Location
NJ, USA
Five lines that crash Mozilla:

Code:
<html>
<fieldset style="position:fixed;">
<legend>Crash</legend>
</fieldset> 
</html>

Crash your browser here.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
SteveC said:
Five lines that crash Mozilla:

Code:
<html>
<fieldset style="position:fixed;">
<legend>Crash</legend>
</fieldset> 
</html>

Crash your browser here.
Just want to report that the above no longer makes Mozilla Firebird crashes. Bug has been fixed.
 
Top