Telecom and Logistics Associates
Phone +41 22 328 14 88
Security news service
Author: Christian ALT: calt@tla.ch
Date: 6.8.98
Other security alerts can be found at http://www.tla.ch/alert
Attack description: Sending an HTML page composed of a bad sequence with the <OBJECT> tag. This goes undetected by Firewall-1. The attack source can be in an attached file or residing on an HTML page that you download. It is a matter of content checking. Most sites will be vulnerable since they have Firewall-1 rules of type
| source | destination | service | action | log |
| any_from_inside | any | HTTP | accept | long log |
or rules of type
| source | destination | service | action | log |
| any | SMTP | accept | long log |
or rules of type
| source | destination | service | action | log |
| group_internal_ host | any | POP3 IMAP4 | accept | long log |
Vulnerable: Internet Explorer 4.0, even with SP1, running on W95, W98, NT 4.0, even with SP3
To test the vulnerability, activate this link: crash my IE 4.0
The code:
-------------- start -----------------------
<HTML>
<title>It shut down your IE 4.0</title>
<OBJECT CLASSID=#></OBJECT>
</HTML>
------------ End --------------------
This vulnerability is based on an infinite loop and recursion.
Solutions: procmail with: http://www.wolfenet.com/~jhardin/procmail-kit.html
The filter can also handle the OBJECT tag.
Refer to our alert : Solutions to NAME attacks in MIME Header through Firewall-1
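The content check this alert calls for, sketched as an added example (it is not code from the alert or from the procmail kit): it walks a MIME message, parses every text/html part, and reports each OBJECT tag with its CLASSID. The function names, the sample message and the rule that a fragment-only CLASSID is suspicious are assumptions made for the illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample: a mail with an HTML attachment holding the alert's
# OBJECT sequence plus one ordinary OBJECT tag (placeholder clsid).
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
    b'--XX\r\nContent-Type: text/html; name="page.html"\r\n'
    b'Content-Disposition: attachment; filename="page.html"\r\n\r\n'
    b"<HTML><OBJECT CLASSID=#></OBJECT>\r\n"
    b'<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>'
    b"</HTML>\r\n--XX--\r\n"
)


class ObjectTagFinder(HTMLParser):
    """Collects the CLASSID of each OBJECT tag; names arrive lowercased."""

    def __init__(self):
        super().__init__()
        self.classids = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":
            self.classids.append(dict(attrs).get("classid"))


def scan_message(raw_bytes):
    """Return (part name, classid, suspicious) for every OBJECT tag in text/html parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = ObjectTagFinder()
        finder.feed(part.get_content())
        finder.close()
        name = part.get_filename() or "(body)"
        for classid in finder.classids:
            # Assumed heuristic: a fragment-only CLASSID such as "#" is not a class id.
            suspicious = classid is not None and classid.strip().startswith("#")
            findings.append((name, classid, suspicious))
    return findings
```

A gateway filter would quarantine or defang the parts reported as suspicious; `scan_message(SAMPLE)` flags the first OBJECT tag in `page.html` and passes the second.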
TLAalert is a service of Telecom and Logistics Associates to inform our customers about security improvements at their sites. A commercial service of TLAalert is available for people wishing to receive specific security alerts and countermeasures. If you want to receive specific security information regarding your site contact
Comments to:
Telecom and Logistics Associates SARL, Contact: calt@tla.ch
Copyright © 1998 Telecom and Logistics Associates SARL
All brand names are trademarks or registered trademarks of their respective holders.