animated gifs/heap overflow/fatal runtime error

Posted by mmi
After a few minutes of browsing the IE support area and not seeing any
obvious means of error reporting, I decided to post here.

While using Google's image search to find a photo from a favorite movie, I
navigated to a web page hosting an image of interest. The web page was a
forum-style page, with many graphics being used for signatures and such.
Once I was able to spot the image I wanted, I pressed the Stop button on the
IE toolbar to prevent the slow page load. I then right-clicked the image I
was after and chose the "Show Picture" option from the context menu. IE
crashed (I didn't record the exact error). Subsequent visits to the page
proved this to be a repeatable problem for my setup (Windows XP SP2, .NET
SP2, Java 1.3, Google Toolbar, remote proxy). Entering the address of the
image itself directly into the address bar, stopping the page load, and then
choosing "Show Picture" again resulted in a fatal error, this one related to
polymorphism in the runtime (somehow!). Again, I didn't record the error in
great detail.

This problem is trivially reproducible. This problem may not be limited to
any specific image. This problem may presumably lead to code execution by
exploiting a buffer overflow with a pair of malformed animated GIFs and
JavaScript page-refresh code.

The page responsible for bringing this issue to my attention is available at
http://www.gixxer.com/ubbthreads/showflat.php?Cat=0&Number=950915
The image in question is
http://userpages.umbc.edu/~awilli14/kappa/kalita/Shonuff1.gif (a picture of
a nasty glowing karate dude, 80x76, 178,461 bytes)

-cheers
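The post speculates about a heap overflow triggered by malformed animated GIFs but does not say what in the file is malformed. The first thing a practitioner would do with a suspect GIF is walk its block structure and check every image descriptor against the logical screen. The script below is an added example written for this page; it is not code from the original post or from the poster, and it makes one assumption the post does not state: that a frame whose rectangle falls outside the logical screen (or has a zero dimension) is the kind of malformation worth flagging. It parses the GIF block stream without decoding LZW data, so it runs offline on a constructed sample; the sample GIF is built inline and its pixel data is a placeholder, not a real LZW stream.

```python
"""Triage an animated GIF: list frames whose descriptor exceeds the logical screen.

Added example for this page (not the poster's code). Checks structure only;
it never decodes LZW pixel data. The out-of-bounds frame test is an
assumption about what "malformed" means here, not something the post states.
"""
import struct
import sys


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def parse_gif(data: bytes):
    """Return ((screen_w, screen_h), [(left, top, w, h), ...]) for each frame."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    screen_w, screen_h, packed = struct.unpack_from("<HHB", data, 6)
    pos = 13  # header (6) + logical screen descriptor (7)
    if packed & 0x80:  # global color table present: 3 * 2^(n+1) bytes
        pos += 3 * (2 << (packed & 0x07))
    frames = []
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:  # trailer
            break
        if block == 0x21:  # extension: label byte, then sub-blocks
            pos += 1
            pos = _skip_subblocks(data, pos)
        elif block == 0x2C:  # image descriptor
            left, top, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if ipacked & 0x80:  # local color table
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1  # LZW minimum code size
            pos = _skip_subblocks(data, pos)  # image data sub-blocks
            frames.append((left, top, w, h))
        else:
            raise ValueError(f"unknown block 0x{block:02x} at offset {pos - 1}")
    return (screen_w, screen_h), frames


def find_out_of_bounds_frames(data: bytes):
    """Indices of frames that do not fit inside the logical screen (assumed check)."""
    (sw, sh), frames = parse_gif(data)
    return [
        i for i, (left, top, w, h) in enumerate(frames)
        if w == 0 or h == 0 or left + w > sw or top + h > sh
    ]


def _build_sample_gif(screen, frames) -> bytes:
    """Constructed test input: a GIF89a with placeholder (non-LZW) pixel data."""
    out = bytearray(b"GIF89a")
    out += struct.pack("<HHBBB", screen[0], screen[1], 0x80, 0, 0)  # 2-entry GCT
    out += bytes(6)  # global color table, 2 entries * 3 bytes
    out += b"\x21\xFF\x0BNETSCAPE2.0\x03\x01\x00\x00\x00"  # looping extension
    for left, top, w, h in frames:
        out += b"\x21\xF9\x04\x00\x0A\x00\x00\x00"  # graphic control ext, 10cs delay
        out += b"\x2C" + struct.pack("<HHHHB", left, top, w, h, 0)
        out += b"\x02" + b"\x02\x44\x01\x00"  # min code size + placeholder data
    out += b"\x3B"
    return bytes(out)


# Constructed sample: screen matches the 80x76 image from the post; frame 0
# fits, frame 1 overruns the screen, frame 2 has a zero width.
SAMPLE_GIF = _build_sample_gif((80, 76), [(0, 0, 80, 76), (40, 30, 80, 76), (0, 0, 0, 10)])


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_GIF
    screen, frames = parse_gif(blob)
    print(f"logical screen {screen[0]}x{screen[1]}, {len(frames)} frame(s)")
    for i in find_out_of_bounds_frames(blob):
        print(f"frame {i} {frames[i]} exceeds the logical screen")
```

Run it with the path of a downloaded GIF as the first argument; with no argument it inspects the constructed sample. A frame that exceeds the canvas is not proof of anything on its own, but it is the sort of inconsistency that a decoder which sizes its buffer from the logical screen and writes from the image descriptor would mishandle, so it is a reasonable first filter before spending time in a debugger.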