Author Topic: Vuln from... 1995?  (Read 10187 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Vuln from... 1995?
« on: December 21, 2005, 11:06:56 am »

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Vuln from... 1995?
« Reply #1 on: December 21, 2005, 01:38:34 pm »
That's old. :P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #2 on: December 21, 2005, 01:41:28 pm »
Yeah, but it still affects Windows XP SP2.. that's the funny thing. 

And from what I've read, it's not IE, it's Windows.  It affects any browser. 

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Vuln from... 1995?
« Reply #3 on: December 21, 2005, 01:41:42 pm »
That's saaaaad sad shit.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #4 on: December 21, 2005, 01:49:25 pm »
I just tested it in VMWare.. worked beautifully :)


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #5 on: December 21, 2005, 02:02:31 pm »
Check out the link in my signature.. .that's this :)

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: Vuln from... 1995?
« Reply #6 on: December 21, 2005, 02:50:59 pm »
It didn't crash my xp sp2 machine (I'm at work)....

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Vuln from... 1995?
« Reply #7 on: December 21, 2005, 03:04:38 pm »
Windows 98SE + IE = Nothing
Windows 98SE + Firefox = Nothing
Windows XP SP2 + Firefox = Nothing
Windows XP SP2 + IE = WE HAVE A WINNER ~
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Vuln from... 1995?
« Reply #8 on: December 21, 2005, 06:45:17 pm »
<3 No SP2. :)
And like a fool I believed myself, and thought I was somebody else...

Offline wires

  • Pwnage
  • x86
  • Hero Member
  • *****
  • Posts: 1103
  • cocaine is fun!
    • View Profile
    • Weapon Of Mass Destruction
Re: Vuln from... 1995?
« Reply #9 on: December 21, 2005, 06:50:00 pm »
Windows 98SE + IE = Nothing
Windows 98SE + Firefox = Nothing
Windows XP SP2 + Firefox = Nothing
Windows XP SP2 + IE = WE HAVE A WINNER ~
Rebooted me when I used Firefox. :(

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Vuln from... 1995?
« Reply #10 on: December 21, 2005, 07:48:30 pm »
Firefox and SP1 dies. It crashes the video driver, trying to load stoopid.jpg that has width="9999999" height="9999999" .
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Vuln from... 1995?
« Reply #11 on: December 21, 2005, 08:10:18 pm »
Firefox 1.5 (latest) and SP2 lives.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #12 on: December 21, 2005, 09:35:59 pm »
Firefox and SP1 dies. It crashes the video driver, trying to load stoopid.jpg that has width="9999999" height="9999999" .

The actual picture doesn't, but the .html says it does.  On the one on my page (in my signature), I'm just using a screenshot that I had handy :)

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Vuln from... 1995?
« Reply #13 on: December 21, 2005, 09:39:54 pm »
Firefox and SP1 dies. It crashes the video driver, trying to load stoopid.jpg that has width="9999999" height="9999999" .

The actual picture doesn't, but the .html says it does.  On the one on my page (in my signature), I'm just using a screenshot that I had handy :)

What are you trying to say? Please clarify that post, you sound drunk.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Vuln from... 1995?
« Reply #14 on: December 21, 2005, 09:59:36 pm »
Didn't crash me, owned newb.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Vuln from... 1995?
« Reply #15 on: December 21, 2005, 10:50:42 pm »
Quote
Firefox and SP1 dies. It crashes the video driver

Signed.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Vuln from... 1995?
« Reply #16 on: December 21, 2005, 11:17:56 pm »
That's why you don't use ATI. gg
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Vuln from... 1995?
« Reply #17 on: December 21, 2005, 11:24:44 pm »
That's why you don't use ATI. gg

I'm on an nVidia GeForce.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Vuln from... 1995?
« Reply #18 on: December 21, 2005, 11:27:38 pm »
Well you fail.  I like how it crashes the new cards but my nVIDIA GeForce3 Titanium 200 64mb video card be unaffected.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #19 on: December 21, 2005, 11:50:36 pm »
Firefox and SP1 dies. It crashes the video driver, trying to load stoopid.jpg that has width="9999999" height="9999999" .

The actual picture doesn't, but the .html says it does.  On the one on my page (in my signature), I'm just using a screenshot that I had handy :)

What are you trying to say? Please clarify that post, you sound drunk.

I read over it, and it sounds fine. 

The actual image doesn't have a size of what you said.  The image can be any size. 

The .html tag, on the other hand, resizes the image to something that Windows can't handle. 

Does it work better in smaller words?

Anyway, this is especially fun on:
- SMF forums
- MySpace
:)

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Vuln from... 1995?
« Reply #20 on: December 21, 2005, 11:59:30 pm »
Don't forget IPB boards!
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Vuln from... 1995?
« Reply #21 on: December 22, 2005, 12:19:12 am »
Firefox and SP1 dies. It crashes the video driver, trying to load stoopid.jpg that has width="9999999" height="9999999" .

The actual picture doesn't, but the .html says it does.  On the one on my page (in my signature), I'm just using a screenshot that I had handy :)

What are you trying to say? Please clarify that post, you sound drunk.

I read over it, and it sounds fine. 

The actual image doesn't have a size of what you said.  The image can be any size. 

The .html tag, on the other hand, resizes the image to something that Windows can't handle. 

Does it work better in smaller words?

Anyway, this is especially fun on:
- SMF forums
- MySpace
:)

So the image doesn't matter (not an issue of opening it up in a hex editor and changing specific bytes like other exploits have been), but the HTML code crashing video drivers because it is trying to render too large of an image is the fault? Tell me if I'm mistaken.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #22 on: December 22, 2005, 12:33:45 am »
So the image doesn't matter (not an issue of opening it up in a hex editor and changing specific bytes like other exploits have been), but the HTML code crashing video drivers because it is trying to render too large of an image is the fault? Tell me if I'm mistaken.

In this case, yes.

However, because it happens on different browsers, it is probably deeper than that.  But it definitely has to do with loading an image with a huge size. 

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Vuln from... 1995?
« Reply #23 on: December 22, 2005, 01:06:18 am »
So the image doesn't matter (not an issue of opening it up in a hex editor and changing specific bytes like other exploits have been), but the HTML code crashing video drivers because it is trying to render too large of an image is the fault? Tell me if I'm mistaken.

In this case, yes.

However, because it happens on different browsers, it is probably deeper than that.  But it definitely has to do with loading an image with a huge size. 

It's probably the fact that Windows attempts to resize an image to an amazingly large size, and can't do this because it sucks!
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Vuln from... 1995?
« Reply #24 on: December 22, 2005, 01:52:18 am »
Bad picture but meh...
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Vuln from... 1995?
« Reply #25 on: December 22, 2005, 03:57:48 am »
Oh yeah?



Much prettier :)

Also note that Windows' Bluescreen takes 100% cpu usage.  *wonders why*

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Vuln from... 1995?
« Reply #26 on: December 29, 2005, 05:13:42 am »
There was a similar bug to this a while back that worked on all browsers, just it involved making a .gif 9999 (literally) times it's size, it was patched pretty quickly with Firefox, though.

My favorite atm is http://aquabelic.tk/

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Vuln from... 1995?
« Reply #27 on: December 29, 2005, 03:00:40 pm »
ROFL.  That's sad.

Offline RoMi

  • x86
  • Hero Member
  • *****
  • Posts: 502
  • gg no re
    • View Profile
Re: Vuln from... 1995?
« Reply #28 on: December 31, 2005, 10:46:08 pm »
In Media Center 05 it doesn't crash.  Firefox handels it.  IE becomes unresponsive needing to be closed with ALT-F4 or ALT-CTRL-DEL.  No crashing however.
-RoMi

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: Vuln from... 1995?
« Reply #29 on: January 03, 2006, 02:06:06 am »
in XP SP2 with Firefox 1.5 it blue screens, pre 1.5 it just restarted.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling