Synergy between IE4 bug and Intel flaw
stewarts at ix.netcom.com
stewarts at ix.netcom.com
Tue Nov 18 13:04:21 PST 1997
RISKS DIGEST 19.46 http://catless.ncl.ac.uk/Risks/19.46.html
has several articles on the Pentium F00FC7C8 bug.
Apparently there are workarounds for it, but there's also the article below.
(Also, Microsoft has supposedly issued a fix for the IE4 bug,
but fat chance on everybody deploying it quickly enough.)
-----------------------------------------
Date: Wed, 12 Nov 1997 08:27:05 -0700 (MST)
From: Jonathan Levine <jonathan at canuck.com>
Subject: Synergy between IE4 bug and Intel flaw
By now I'm sure you've heard about this delightful synergy:
> ------- Forwarded Message
> Date: Tue, 11 Nov 1997 06:53:45 -0500
> From: "Per Hammer" <phammer at raleigh.ibm.com>
> Subject: New IE4 security hole exploited ...
>
> http://www.wired.com/news/news/technology/story/8429.html
>
> The deal is, if your use a 'RES://' URL that us longer than 256 characters,
> byte 257 onwards will be executed as machine code. Now ... think ...
> F0 0F C7 C8
>
> Which is only slightly less malicious than deleting any files ...
>
> Per Hammer phammer at raleigh.ibm.com
More information about the cypherpunks-legacy
mailing list