Re: favicon.ico

Bruce Stephens (
Tue, 14 Dec 1999 14:59:12 +1100

I suspect that this may be another great security hole in IE!!
As I said - the favicons.ico web site was put up for POSITIVE support for
Linux Apache log readers rather than the destruction of M$IE!!


>On Thu, Nov 18, 1999 at 05:26:51PM +0200, Angelos Karageorgiou wrote:
>> Alan Cox wrote:
>> >
>> > Blank should be fine. Corrupt data does crash most versions of IE so do be
>> > careful what you put there
>> >
>> <tongue in cheek>
>> I don't see a problem with that, does anyone else ?
>> </tongue in cheek>
>> --
>> Angelos Karageorgiou angelos@StockTrade.GR
>Yes, you can crash IE with a buffer overflow using favicon.ico. You
>can execute arbitrary code on any winblows machine when they bookmark
>your site...
>You can also keep statistics of which and how many IE users bookmark
>your site.
>Gregory P. Smith gnupg/pgp:
> C379 1F92 3703 52C9 87C4 BE58 6CDA DB87 105D 9163
>Content-Type: application/pgp-signature
>Attachment converted: Tuscan Adventure:Untitled (????/----) (0008A72A)

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to