Re: favicon.ico

Gregory P. Smith (greg@electricrain.com)
Mon, 13 Dec 1999 12:34:37 -0800


--Nq2Wo0NMKNjxTN9z
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 18, 1999 at 05:26:51PM +0200, Angelos Karageorgiou wrote:
> Alan Cox wrote:
> >=20
> > Blank should be fine. Corrupt data does crash most versions of IE so do=
be
> > careful what you put there
> >=20
>=20
> <tongue in cheek>
> I don't see a problem with that, does anyone else ?
> </tongue in cheek>
> --=20
> Angelos Karageorgiou angelos@StockTrade.GR

Yes, you can crash IE with a buffer overflow using favicon.ico. You
can execute arbitrary code on any winblows machine when they bookmark
your site...

You can also keep statistics of which and how many IE users bookmark
your site.

--=20
Gregory P. Smith gnupg/pgp: http://suitenine.com/greg/keys/
C379 1F92 3703 52C9 87C4 BE58 6CDA DB87 105D 9163

--Nq2Wo0NMKNjxTN9z
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEAREBAAYFAjhVWFwACgkQbNrbhxBdkWMIKwCgsbpS2FCX8eDB1mtlV0MNaOfS
XWwAoO7RWQGKY/LHlIX7IpPmy3DpVUAp
=+Ox1
-----END PGP SIGNATURE-----

--Nq2Wo0NMKNjxTN9z--
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu