Just in case you don’t follow the BugTraq email list there has been discussion over the last couple of days about an interesting bug in Microsoft Windows and or Internet Explorer. A demo of bug has been posted at http://www.geocities.com/visitbipin/crazy.html. BE WARNED, viewing that site in IE on a Windows box will cause it to lock up and reboot! Just for kicks I tried on my Windows XP box and it caused it to be rebooted when I viewed it with IE. When Windows came back up it reported an error with the NVidia GForce 2 video drivers. The good news is that if you view the site using Firefox on Windows your system will slow down to a crawl, but you can still use the task manager to kill Firefox, bringing everything back to normal. No such luck in IE. If I really wanted to rub it in I’d mention that viewing the site with Safari on Mac OS X does nothing but take a little while to download, no crushing load or reboot in site. That would probably be too much though, so we’ll just keep that to ourselves.
Triggering this bug is remarkably easy, looks like at that is needed is to include an image tag that has the width and height specified as 9999999 each. I’d suppose that any image could be used for this. I was able to make it work with an html file that only contained the following line:
<img width=9999999 height=9999999 src=”crazy.jpg” >
The first mention of this that I noticed was the BugTraq post which happened on 11 Aug 2004. I realize that Microsoft is likely very busy right now trying to get XP SP2 out the door, but this bug should get some attention. Hmmmm, if you could combine this with a Cross Site Scripting (XSS) attack this could get really interesting.
<star wars>
I felt a great disturbance in the net, as if millions of Windows systems suddenly cried out in terror and were suddenly rebooted.
</star wars>
Update (11:18 am 12 Aug 2004): I just finished installing SP2 for Windows XP and IE no longer crashes with this bug.
Update (11:45 am 12 Aug 2004): This also does not work on a laptop I tried it on. It has an ATI video card. It did make the system extremely slow but it was still able to kill IE via the task manager.