[satknis]

hello peps,
today i played with html and a thing i found
is a bug that causes the system to crash.
i just tested it with firefox, maybe other
browsers have the same bug?
can anybody tell me if it is known or not?

DONT CLICK AT THE LINK WITHOUT SAVING ALL WORK

here a test link:
www.xtremescripter.de/pngbug

[Sh4dowWalker]

satknis, on Jul 13 2005, 03:55 PM, said:

hello peps,
today i played with html and a thing i found
is a bug that causes the system to crash.
i just tested it with firefox, maybe other
browsers have the same bug?
can anybody tell me if it is known or not?

DONT CLICK AT THE LINK WITHOUT SAVING ALL WORK

here a test link:
www.xtremescripter.de/pngbug

<{POST_SNAPBACK}>

BTW - The image bug in firefox crashing a system is known for some time and was posted on security sites.
And why won't you also post the code? <_< So if yours isn't using the same method then the more you should post it.

Hopefully in FF 1.05 they fixed that.

[manaox2]

Good Lord man. That is a scary vulnerability. Amazingly, it only froze my computer for about 5 seconds on firefox 1.0.5. But something even scarier happened in Internet Explorer when I tested with the security settings set to the max on the local intranet and internet zones. Blue Screen of Death. Followed by a reboot where my computer no longer recognized my hard drive. COMPLETE CRASH. :ph34r: Upon fixing the problem, the logs stated it crashed my ati display driver.

This is the html code for the 1024x768x24 BPP png file:

<html><head></head><body>know or not?<br>
but it crashes your system or doesn't it?
:-/<p></p>
<p>mfg
<img src="pngbug_files/pic.png" alt="puh" height="9999999" width="9999999"></p></body></html>

I managed to save a complete copy of the page for further testing. My computer is fully patched and updated as far as I can find. This worries me. I want to know more about this, because this seems to be a cross browser problem. Why is internet explorer vulnerable to this and not my picture viewer or explorer? Anyone else survived a test of this page?

[linux_dude]

Wow, you were playing with HTML and discovered a moderalty old bug involving png scaling with almost all browsers, what are the chances. :huh:

STOP LYING!!!!!!

Besides, it's bug, not really suited for code execution, so it isn't that severe or critical. :lol:

[pugrit]

although it would be fun to play with. you know what i mean :D

[manaox2]

They sure are taking their time fixing that bug. It seemed pretty severe to Internet Explorer and can obviously be used for evil. I know that I didn't lie about what happened. I could use this to steal a coworkers mac address with ARP Spoofing when their computer goes down. You don't consider crashing a user's pc remotely dangerous?

[warzone]

Wow this bug crashed my pc on internet explorer and froze it on firefox 1.0.5 and I'm running sp2

[satknis]

linux_dude: if you think so ok... but i was playing with html as i found it out! and it was new for me.
so if it is so old where can i find something about it? manaox2 has posted the code!

i had not enough time to post the code, but i wanted to show all people this bug.
i now have tested it with firefox and IE and
my system also crashes with BSOD, it says something that ati2dvag or so has a
error...
i think the problem is that it fills the graphic cards ram and causes it to crash.

[manaox2]

I also have that same video driver. I am thinking that possibly this bug only affects the ati video driver. Can someone test this with, say, an Nvidia video card? I want to know if this is a hardware bug because my video card is fairly new. I'm not sure about the video card's RAM thing. It doesn't make sence to me unless Internet Explorer allocates the RAM for the picture differently than firefox. Or maybe firefox has a limiter in place.

[warzone]

I have agp nVidia TNT2 M64

[linux_dude]

It has nothing to do with your browser or video card, it's an inherent flaw in the way windows processes HUGE images, causing kernel panics and a BSOD referencing your video driver, won't happen on a mac or linux.

What exactly were you trying to put up on a page that needs a square of 100 million pixles? (That's the problem btw <_< ) Just asking to see how you 'stumbled' on this bug.

Here's the original page for the bug: hxxp://www.hunger.hu/win.html (Don't click unless you want to BSOD windows)

[Warlord_David]

umm doesnt hurt my system one bit. I can scroll around the page and have fun :P

WinXP Pro SP2 (With all current updates)
1GB RDRAM
P4 2.4Ghz
GeForce 4 Ti 4200 Vid card

also have Firefox 1.0.5

[warzone]

Well this bug doesn't affect firefox 1.0.5. Try visiting the link with your IE

[satknis]

i was making a design.
the page has some pictiures in it and as i reached the end of the code
a friend of mine(who doesn't know this bug and is a little crazy) told me to put
some real high numbers in width hight tags. as i was viewing the page my pcs
beguns to freeze, then it hat a BSOD. thats how i found out this bug!



ps: it always easier to say lier...

[Warlord_David]

no thank you, i aint touching IE with a 80 foot pole.