Re: favicon.ico

Gregory P. Smith (
Mon, 13 Dec 1999 12:34:37 -0800

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 18, 1999 at 05:26:51PM +0200, Angelos Karageorgiou wrote:
> Alan Cox wrote:
> >=20
> > Blank should be fine. Corrupt data does crash most versions of IE so do=
> > careful what you put there
> >=20
> <tongue in cheek>
> I don't see a problem with that, does anyone else ?
> </tongue in cheek>
> --=20
> Angelos Karageorgiou angelos@StockTrade.GR

Yes, you can crash IE with a buffer overflow using favicon.ico. You
can execute arbitrary code on any winblows machine when they bookmark
your site...

You can also keep statistics of which and how many IE users bookmark
your site.

Gregory P. Smith gnupg/pgp:
C379 1F92 3703 52C9 87C4 BE58 6CDA DB87 105D 9163

Content-Type: application/pgp-signature

Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see


To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to