Author Topic: One line of html code to crash Winblows  (Read 71456 times)

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
One line of html code to crash Winblows
« on: 10 June 2005, 08:51 »
Never gotten XP to crash before??? Well now it should. At least in most cases apparently. :D

There is obviously a very nasty image size bug in Windows (even XP SP2) together with IE, FF or Mozilla. Opera however seems to be immune to this.

Here is the sample code that makes the comp crash.

Code: [Select]






-----------------------------------------------------------------
CAUTION! THE LINK UNDERNEATH WILL CRASH THE COMP IF YOU USE WINDOWS!
-----------------------------------------------------------------

HERE is a site where they have tried the bug.

-----------------------------------------------------------------
CAUTION! THE LINK ABOVE WILL CRASH THE COMP IF YOU USE WINDOWS!
------------------------------------------------------------------

If you have disabled "automatically restart" it will show a bluescreen, else it will reboot. I've only got access to Windows via a Vmware virtual machine with a fully updated XP SP2 copy and it gave me a bluescreen after totally locking up the VM.

Well this is totally rediculous. Crashing the computer because of unrealistic image size. HAHHAAHHAHA!

edit: I tried the winboot page on my main Gentoo comp and it just showed a flat green pic. :thumbup:

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
Re: One line of html code to crash Winblows
« Reply #1 on: 10 June 2005, 09:01 »
HERE is the bugreport.

And HERE is a confirmed report at Heise (German).

TB

  • Member
  • **
  • Posts: 112
  • Kudos: 0
Re: One line of html code to crash Winblows
« Reply #2 on: 10 June 2005, 10:48 »
Holy crap. That was even worse than the bug!

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
Re: One line of html code to crash Winblows
« Reply #3 on: 10 June 2005, 11:50 »
Yup, also much worse than Sasser and MSblast. Trust me, this will be used in a lot of websites just to f*ck people up.

HERE's a shot I took in vmware.

Microsoft are already releasing 7 security fixes on Tuesday I think. Maybe they won't have time to fix this one.

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: One line of html code to crash Winblows
« Reply #4 on: 10 June 2005, 12:19 »
Apparently not an issue in XP Pro SP2 running Firefox 1.0.4 - my dad has the laptop out-of-state until Saturday, so I'm stuck running the Beast. Meh, at least it has a tuner card to make up for its shortcomings. :cool:

EDIT: I experienced some slowdown on a P4 2.6HT, but that's about it. No crashes, no BSoDs, no automatic reboots (though that may be because I've had that disabled since Sasser). Is there any particular reason why we're expecting a reasonable benchmark from the lowest common denominator (a $30 Windows OS)?

Quote from: toadlife
I won't be losing any sleep over it.

Me either.

Quote from: toadlife
My wifes is a GeForce3, and bluescreen references an infinite loop happening with the nvidia driver. I'm wondering if this is nothing bug a bug with Nvidia's drivers.

I would surmise as much, I'm using the onboard video that came with the mobo, an Asus P4P800-VM (according to Everest, it's an Intel 82865G Graphics Controller, and may I add Myst IV fucking kicks ass on it).
« Last Edit: 10 June 2005, 12:48 by Orethrius »

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #5 on: 10 June 2005, 12:22 »
Quote from: RaZoR1394
Yup, also much worse than Sasser and MSblast. Trust me, this will be used in a lot of websites just to f*ck people up.

It's NOT worse than Blaster. Blaster was a self propogating worm that executed code on remote systems. This simply exploits a bug in the image rendering code, (or maybe the kernel's handling of graphics drivers?), and crashes the OS.


Quote from: RaZoR1394
Microsoft are already releasing 7 fixes om Tuesday I think. Maybe they won't have time to fix this one.

I won't be losing any sleep over it.
:)

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #6 on: 10 June 2005, 12:31 »
Quote from: Orethrius
Apparently not an issue in XP Pro SP2 running Firefox 1.0.4 - my dad has the laptop out-of-state until Saturday, so I'm stuck running the Beast. Meh, at least it has a tuner card to make up for its shortcomings. :cool:


Interesting. It crashed my wife's XP Pro SP2 box with Firefox 1.0.4. What type of graphics card is in the machine you have?

My wifes is a GeForce3, and bluescreen references an infinite loop happening with the nvidia driver. I'm wondering if this is nothing bug a bug with Nvidia's drivers.
:)

TB

  • Member
  • **
  • Posts: 112
  • Kudos: 0
Re: One line of html code to crash Winblows
« Reply #7 on: 10 June 2005, 12:34 »
I'm running Firefox 1.0.4 on SP1 and I didnt even get a BSOD......it simply froze then rebooted. And I just happened to do this while burning a DVD

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
Re: One line of html code to crash Winblows
« Reply #8 on: 10 June 2005, 12:36 »
Quote from: TB
I'm running Firefox 1.0.4 on SP1 and I didnt even get a BSOD......it simply froze then rebooted. And I just happened to do this while burning a DVD

Quote from: "*ME*"
If you have disabled "automatically restart" it will show a bluescreen, else it will reboot.

:rolleyes:

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #9 on: 10 June 2005, 12:37 »
You have to set windows to not reboot when it bluescreens in order to see the bluescreen. The default behavior is to automatically reboot.

Right click on my computers, click on properties, and find the "start up and recovery" section
:)

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #10 on: 10 June 2005, 12:38 »
lol

"RTFT"
:)

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
Re: One line of html code to crash Winblows
« Reply #11 on: 10 June 2005, 12:38 »
Quote from: toadlife
It's NOT worse than Blaster. Blaster was a self propogating worm that executed code on remote systems. This simply exploits a bug in the image rendering code, (or maybe the kernel's handling of graphics drivers?), and crashes the OS.

You're right but I was more thinking of being able to do a "shutdown -a" in the prompt to prevent msblast/sasser. With this bug it totally locks up the comp and reboots/shows bluescreen.

Also, I think this has a lot to do with RAM. Some people who have a lot of ram report the bug just locking the comp up instead of reboot/show bluescreen.

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #12 on: 10 June 2005, 12:41 »
Perhaps the memory is just filling up? Running out of memory is  sure way to crash any os. That woulf explain why people with huge amounts of ram don't crash.
:)

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: One line of html code to crash Winblows
« Reply #13 on: 10 June 2005, 12:43 »
Quote from: TB
And I just happened to do this while burning a DVD

Why would you click on that link if you were doing something important at the time?
:)

RaZoR1394

  • Member
  • **
  • Posts: 208
  • Kudos: 219
    • http://razoreye.mine.nu/
Re: One line of html code to crash Winblows
« Reply #14 on: 10 June 2005, 12:47 »
Hmm this makes me remember the "Britney spears pic + mIRC + IE + Windows" bug. Don't remember how it worked though, but it was very nasty.