Re: favicon.ico

Bruce Stephens (bruce@toorak.com)
Tue, 14 Dec 1999 14:59:12 +1100


I suspect that this may be another great security hole in IE!!
As I said - the favicons.ico web site was put up for POSITIVE support for
Linux Apache log readers rather than the destruction of M$IE!!

Regards,
Bruce.

>On Thu, Nov 18, 1999 at 05:26:51PM +0200, Angelos Karageorgiou wrote:
>> Alan Cox wrote:
>> >
>> > Blank should be fine. Corrupt data does crash most versions of IE so do be
>> > careful what you put there
>> >
>>
>> <tongue in cheek>
>> I don't see a problem with that, does anyone else ?
>> </tongue in cheek>
>> --
>> Angelos Karageorgiou angelos@StockTrade.GR
>
>Yes, you can crash IE with a buffer overflow using favicon.ico. You
>can execute arbitrary code on any winblows machine when they bookmark
>your site...
>
>You can also keep statistics of which and how many IE users bookmark
>your site.
>
>--
>Gregory P. Smith gnupg/pgp: http://suitenine.com/greg/keys/
> C379 1F92 3703 52C9 87C4 BE58 6CDA DB87 105D 9163
>
>Content-Type: application/pgp-signature
>
>Attachment converted: Tuscan Adventure:Untitled (????/----) (0008A72A)

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu