Internet Explorer's dumbest bug ever revealed

One line of HTML and it's dead

By Staff at the Newsdesk

Fri May 02 2003, 19:08

BORED OF CREATING buffer overflow possibilities and security gaps an electronic elephant could walk through, Microsoft's Internet Explorer development team has turned its attention to good old HTML. Thankfully, this bug just crashes IE. Embarrassingly for the Vole, it's done with just one malformed line of HTML.

The bug is listed on BugTraq as requiring five lines of HTML but, after a small amount of experimentation, you'll find that it can be done with just one line of HTML. The offending line?

In fact, the word "crash" doesn't really make any difference; you can put "calamari" or "IE sucks" in there and it will still go belly up.

So the Vole has definitely managed to outdo itself this time. According to Neowin, Outlook, Frontpage and anything else that uses shlwapi.dll suffers the same fate. So that simple line of malformed HTML could stop you from reading your email too.

You can find the Bugtraq post here. µ

Top 10 worst tech presents for Christmas Gifts to avoid, or get for people you don't like Friday, 23 December 2011, 09:00 AM Read more	40 years of microprocessor development As Intel celebrates the 40th birthday of the 4004 chip, The INQUIRER looks at the key landmarks Tuesday, 15 November 2011, 08:00 AM Read more
Exploithub offers $4,000 for twelve working exploits Kicks off a bounty programme Friday, 7 October 2011, 14:06 PM Read more	Microsoft Internet Explorer users are thick headed Rubbish browser turns brains to mush Friday, 29 July 2011, 16:21 PM Read more
Samsung Chromebook hits the UK to mixed reviews A dumb netbook running a Google OS Friday, 24 June 2011, 15:00 PM Read more	Update to PHP includes key security bug fixes Web developer language upgrade Friday, 18 March 2011, 12:52 PM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Technical Author

Technical Author - Enfield,...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Internet Explorer's dumbest bug ever revealed

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review