
Title: Stack Overflow in MSHTML.DLL
Released by: Thor Larholm
Date: 15th January 2001
Stack Overflow in MSHTML.DLL

Systems affected:

Any program using MSHTML.DLL for HTML parsing (Internet Explorer, Outlook/Outlook Express and other HTML-enabled email readers).

Reliably tested on IE4.0 and higher on any Windows system, with any service packs and patches.

Older versions of MSHTML.DLL may be affected too, but remain untested.

Risk: Low/Medium


MSHTML.DLL crashes with a Stack Overflow from simple scripting.


The bug is only experienced when dealing with multiple window objects, where one is receiving data. To reproduce the bug, create a JScript object, set a property on the object from the window object receiving data, delete the object and create it again.

No exploitable buffer overflows have been found so far.





Disable Active Scripting.

Vendor status:

Microsoft was contacted on 4 December 2000.

The bug is considered to be a code quality bug, and will be addressed in a future SP for IE.


Thor Larholm
