ITCOW [L]

From
http://www.theinquirer.net/?article=9288

TRY AT YOUR OWN RISK!

One line of HTML and it’s dead

By Staff at the Newsdesk: Friday 02 May 2003, 18:08

BORED OF CREATING buffer overflow possibilities and security gaps an electronic
elephant could walk through, Microsoft’s Internet Explorer development team has
turned its attention to good old HTML. Thankfully, this bug just crashes IE.
Embarrassingly for the Vole, it’s done with just one malformed line of HTML.
The bug is listed on BugTraq as requiring five lines of HTML but, after a small
amount of experimentation, you’ll find that it can be done with just one line of
HTML. The offending line?

In fact, the word “crash” doesn’t really make any difference; you can put
“calamari” or “IE sucks” in there and it will still go belly up.

So the Vole has definitely managed to outdo itself this time. According to
Neowin, Outlook, Frontpage and anything else that uses shlwapi.dll suffers the
same fate. So that simple line of malformed HTML could stop you from reading
your email too.

You can find the Bugtraq post here.
?