[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
In the October 16, 1995 issue of PC Week, Spencer F. Katt writes:
>Isn't it ironic? Andreessen creates the WEB while in college; now
>college students are finding all the holes in it. Two students have
>uncovered a serious bug in Netscape Navigator, one Katt source
>contends. The browser has a 2K-byte buffer for reading HTML
>documents. Well, these tipsters found that once the page has sent
>more than 2K, any assembly code in the HTML document will be
>executed. As an experiment, these kids set up a simple Web server
>with some assembly code embedded in the HTML page to overwrite the
>client computer's FAT table [sic]. Sure enough, it worked.
He might be talking about the (already fixed) bug that allowed an HREF
that is longer than 356 bytes to overwrite the stack. Hadn't heard
here that anything would happen other than getting Netscape to crash.
No names or URL's were given in the story. Maybe he needs an update.
Maybe we need an update.
Martin G. Diehl