Bugtraqmailing list archives
IE/OE6.0 cannot handle malformed XBM files
From: "Adam [wp-ckkl]" <ckkl () poczta wp pl>
Date: Tue, 30 Apr 2002 20:28:19 +0200
hello,Internet Explorer [only 6.0] allows the usage of XBM graphic filesand tries to display them whenever they're used in any HTML file[as IMG tag] or when attached to an e-mail.XBM structure is very easyit is a text file with C-like syntax and f.ex. looks like#define picture_width ?? // picture width#define picture_height ?? // picture width heightstatic unsigned char picture_bits[] = { //hex picture data );IE doesn't check properly the content of XBM filesand you may force the browser/e-mail client to hang upthat will end up in their silent exit because of the AccessViolation exception [as shown with a great help of windbg,it is generated inside mshtml.dll].IE doesn't check the width and height of the image, so youmay write whatever you want and IE will try to interprete it,trying to allocate enough memory for an oversized buffer.When previewed f.ex. in Outlook Express, malformed e-mailmay force this client to exit (and others that rely on IE).For an example of such malformed e-mail download one frommy homepage and try to open by clicking it in Windows Explorer.http://www.sztolnia.pl/hack/xbmbug/xbmbug.emlDon't forget to run OE first :)Adam Błaszczyk[02-01-11] [en/pl] Home page/Domowahttp://www.mykakee.com[02-01-31] [pl] Pirotechnikahttp://pyro.pieklo.org[02-04-27] [pl] Sztolnia kodera, FAQ p.c.p.http://www.sztolnia.plCurrent thread:
- IE/OE6.0 cannot handle malformed XBM filesAdam [wp-ckkl] (Apr 30)