T.U.B.

A simple HTLM page is capable of crashing a windows pc.

When an image-tag in an HTML page is loaded and the size of the image is blown up with the WITH and HEIGHT attributes until a certain extend, the loaded image eats up so much recourses that the videodriver and the computer crashes (bluescreen, restart or freezes).

so, watch out for bad jokes with this vulnarability!

my source is a German site: heise online
and
The 'Full-disclosure' mailinglist

Next is an example of the code that 'causes the crashes.
It is extremely simple:

!!!! Warning: Use this code at your own risk. Save anything you are working on before trying out. !!!!

copy and paste in a HTML page.
point the "YourImage.jpg" to a real image.

__________________
Amerika by Franz Kafka
“As Karl Rossman, a poor boy of sixteen who had been packed off to America by his parents because a servant girl had seduced him and got herself a child by him, stood on the liner slowly entering the harbour of New York, a sudden burst of sunshine seemed to illumine the Statue of Liberty, so that he saw it in a new light, although he had sighted it long before. The arm with the sword rose up as if newly stretched aloft, and round the figure blew the free winds of heaven.”

zen_tom

You should be able to send people emails with these settings - those who's browsers are html enabled might be in trouble. Have you tried this out?

T.U.B.

Haven't tried it.
But I have a bad feeling that I'm going to encounter this a lot: think of guestbooks, msn, fora, bbs,... all could be HMTL-enabled and all could be easy accessed by 13 year old no-brain would-be script-kiddies.

EDIT: watch out @ work!
I just successfully crashed a win2k server while opening a page with this code through remote desktop.
Luckily for me this was my own test-server and it is located in the room next to me, but I can't think of what would happen in a live environment

__________________
Amerika by Franz Kafka
“As Karl Rossman, a poor boy of sixteen who had been packed off to America by his parents because a servant girl had seduced him and got herself a child by him, stood on the liner slowly entering the harbour of New York, a sudden burst of sunshine seemed to illumine the Statue of Liberty, so that he saw it in a new light, although he had sighted it long before. The arm with the sword rose up as if newly stretched aloft, and round the figure blew the free winds of heaven.”

zen_tom

Does it work with Firefox, Safari, or any other browsers?

zen_tom

I just ran the german site through a translator - http://www.google.com/translate?u=ht...&hl=en&ie=UTF8

looks like Firefox etc might have problems with this as well.

zen_tom

Well I just tested it - If you're quick, you could probably stop Firefox via your Task Manager before it crashes your machine (it really slowed my PC down but I stopped it before it got really nasty)

However, IE caused a reboot within 20 seconds of me opening a page I'd made.

pan6467

Good thing I use Yahoo mail and have my HTML disabled.

Does it affect netscape?

__________________
I just love people who use the excuse "I use/do this because I LOVE the feeling/joy/happiness it brings me" and expect you to be ok with that as you watch them destroy their life blindly following. My response is, "I like to put forks in an eletrical socket, just LOVE that feeling, can't ever get enough of it, so will you let me put this copper fork in that electric socket?"

Slavakion

There was a story about this on digg a couple days ago. Based on the thread there, linux and macs are unaffected. And you can be unaffected as well if you have a good processor and plenty of memory. I crashed pretty hard, though.