Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

HTML Rendering Crashes IE
Slashdot ^ | SlimySlimy

Posted on 05/03/2003 12:48:39 PM PDT by Dominic Harr

SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.


TOPICS: Technical
KEYWORDS: microsoft; techindex
Navigation: use the links below to view more comments.
first 1-2021-4041-50 next last
No perm damage, just crashes the window.

Just fyi.

1 posted on 05/03/2003 12:48:39 PM PDT by Dominic Harr
[ Post Reply | Private Reply | View Replies]

To: Dominic Harr
One of about 10 last month.
2 posted on 05/03/2003 12:49:36 PM PDT by sigSEGV
[ Post Reply | Private Reply | To 1 | View Replies]

To: *tech_index
To ping, or not to ping.

PING.

3 posted on 05/03/2003 12:49:38 PM PDT by Dominic Harr
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dominic Harr
Damn. That's the last straw. I'm quitting computing forever.
4 posted on 05/03/2003 12:51:07 PM PDT by Glenn (What were you thinking, Al?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dominic Harr
OK-- I tried it. Sure enough-- I got an IE Explorer message that IE needed to close. My Mozilla just opened a blank page.
5 posted on 05/03/2003 12:52:03 PM PDT by Clara Lou (I detest Filthy Bill and Hildabeast.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Glenn
nah, there's no such thing as the perfect tool, anywhere.

Altho . . . simple HTML crashing a web browser? That is not good, to say the least.

6 posted on 05/03/2003 12:52:17 PM PDT by Dominic Harr
[ Post Reply | Private Reply | To 4 | View Replies]

To: Clara Lou
Yeah, it happened to me to. Netscape just displayed the text box.

Funny, in a small way.

7 posted on 05/03/2003 12:53:02 PM PDT by Dominic Harr
[ Post Reply | Private Reply | To 5 | View Replies]

To: Dominic Harr
Oh hell....more knowledge I shouldn't be trusted with.
8 posted on 05/03/2003 12:53:25 PM PDT by Focault's Pendulum (I'm changing my tag line....somebody hand that wrench....no...the other one.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Clara Lou
Also crashes Outlook, Word, Excel, and even Explorer.exe.
9 posted on 05/03/2003 12:54:08 PM PDT by sigSEGV
[ Post Reply | Private Reply | To 5 | View Replies]

To: Dominic Harr
Unbelievable, IE lets html activate the crash sequence!
<html>
<form>
<input type crash>
</form>
</html>

10 posted on 05/03/2003 12:56:43 PM PDT by Fixit (http://www.comedian.blogspot.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dominic Harr
< html >
< form >
< input type crash >
< /form >
< /html >

I'd kinda bet the engine is taking this personally.
11 posted on 05/03/2003 12:57:08 PM PDT by Glenn (What were you thinking, Al?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dominic Harr
html>
form>
input type crash>
/form>
/html>

Here is the actual code, without the < removed.

What is "input type crash"?

12 posted on 05/03/2003 12:58:27 PM PDT by moyden2000
[ Post Reply | Private Reply | To 1 | View Replies]

To: sigSEGV
Also crashes Outlook, Word, Excel, and even Explorer.exe.
I wish that I could become more knowledgeable about my Mandrake. I don't grasp the file system. [I have a dual-boot.] Maybe this summer-- I'd love to leave MS.
13 posted on 05/03/2003 12:59:36 PM PDT by Clara Lou (I detest Filthy Bill and Hildabeast.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Dominic Harr
Source code:

html
form
input type crash
/form
/html
14 posted on 05/03/2003 1:01:18 PM PDT by MaryFromMichigan (Without hope we haven't a prayer, and prayer is the path where there is none)
[ Post Reply | Private Reply | To 1 | View Replies]

To: moyden2000
What is "input type crash"?

You can substitute 'crash' with anything, including 'dummy', and it'll still crash. It looks like the object creation (input type) is probably causing a memory leak (no closing tag), allowing a GPF when the page code is closed (/form and /html). If IE allows this, that's pretty sad.

-The Hajman-
15 posted on 05/03/2003 1:02:45 PM PDT by Hajman
[ Post Reply | Private Reply | To 12 | View Replies]

To: Dominic Harr
Bump
16 posted on 05/03/2003 1:03:05 PM PDT by Fiddlstix
[ Post Reply | Private Reply | To 1 | View Replies]

It does not crash IE for Macintosh. It provides a text box that you can type into.

It does not crash Netscape or Safari for Mac either.

17 posted on 05/03/2003 1:04:12 PM PDT by zeebee
[ Post Reply | Private Reply | To 13 | View Replies]

To: Dominic Harr
Luckily it seems that the FR posting system is smart enough to filter this stuff out before allowing it be posted.
18 posted on 05/03/2003 1:06:51 PM PDT by Fixit
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeebee
It does not crash IE for Macintosh. It provides a text box that you can type into. It does not crash Netscape or Safari for Mac either.
That's because Safari is Unix-based.
19 posted on 05/03/2003 1:07:37 PM PDT by Clara Lou (I detest Filthy Bill and Hildabeast.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Hajman
You can substitute 'crash' with anything, including 'dummy', and it'll still crash

It is nuts that this bug is still in there from IE 4. Even Microsoft must have hit this a thousand times. All you have to do is have a typo in the input type and... boom. Whatever is parsing the 'input' line doesn't handle the case where the next token is not one of the defined types. That's just lazy. Typos in the input are everyday occurrences.

20 posted on 05/03/2003 1:12:45 PM PDT by Nick Danger (The liberals are slaughtering themselves at the gates of the newsroom)
[ Post Reply | Private Reply | To 15 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-50 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson