RISKS DIGEST 19.46 http://catless.ncl.ac.uk/Risks/19.46.html has several articles on the Pentium F00FC7C8 bug. Apparently there are workarounds for it, but there's also the article below. (Also, Microsoft has supposedly issued a fix for the IE4 bug, but fat chance on everybody deploying it quickly enough.) ----------------------------------------- Date: Wed, 12 Nov 1997 08:27:05 -0700 (MST) From: Jonathan Levine <jonathan@canuck.com> Subject: Synergy between IE4 bug and Intel flaw By now I'm sure you've heard about this delightful synergy:
------- Forwarded Message Date: Tue, 11 Nov 1997 06:53:45 -0500 From: "Per Hammer" <phammer@raleigh.ibm.com> Subject: New IE4 security hole exploited ...
http://www.wired.com/news/news/technology/story/8429.html
The deal is, if your use a 'RES://' URL that us longer than 256 characters, byte 257 onwards will be executed as machine code. Now ... think ... F0 0F C7 C8
Which is only slightly less malicious than deleting any files ...
Per Hammer phammer@raleigh.ibm.com