favicon.ico
file downloaded from a web site. By creating an icon file with bad
data, it's possible to crash MSIE 5. The stack is filled with
information from the icon file so it may be possible to create
an icon file with data which would end up executing code on the client
machine.
The favicon.ico file is an icon file in the MS-proprietary icon file format. It is downloaded by MSIE 5 when the user asks it to add the page's URL to his/her "Favorites" list. When the user chooses to add the URL, MSIE 5 downloads the file and shows the icon on the "Favorites" menu. The request for the favicon.ico file is first made against the same path as the current URL. If the file is not found, MSIE 5 will try to get the file from the root directory of the web server (e.g. if you try to bookmark this page, MSIE 5 will look for favicon.ico in http://web.cip.com.br/flaviovs/sec/favicon/ and, if the file cannot be found there, in http://web.cip.com.br/).
favicon.ico
loading feature. Thus the only workaround is not to add any
non-trusted site to the "Favorites" list and wait for a
patch from Microsoft.
If you're using MSIE 5 with JavaScript enabled, you can feel the bug in action. Otherwise just try to bookmark this page (note: this will crash your browser).
Here's the favicon.ico file
that triggers the bug. It's composed of a bogus header followed by
lots of "A" characters.
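A filtering proxy or scanner can reject icon files like this before the browser parses them. The following is an added example, not code from this advisory: a structural check of the standard ICO directory (6-byte ICONDIR header followed by 16-byte ICONDIRENTRY records). The `MAX_IMAGES` limit and the sample byte strings are assumptions constructed for the example.

```python
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type, image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # w, h, colors, reserved, planes, bpp, size, offset
MAX_IMAGES = 64  # assumed policy limit, not part of the file format


def check_ico(data: bytes) -> list[str]:
    """Return a list of structural problems; an empty list means the file looks sane."""
    problems = []
    if len(data) < ICONDIR.size:
        return ["file shorter than the 6-byte ICONDIR header"]
    reserved, kind, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0:
        problems.append(f"reserved field is {reserved:#06x}, expected 0")
    if kind != 1:
        problems.append(f"type field is {kind}, expected 1 (icon)")
    if not 1 <= count <= MAX_IMAGES:
        problems.append(f"implausible image count {count}")
    if problems:
        return problems  # header is bogus; do not trust the directory
    table_end = ICONDIR.size + count * ICONDIRENTRY.size
    if table_end > len(data):
        return ["directory table runs past end of file"]
    for i in range(count):
        entry_at = ICONDIR.size + i * ICONDIRENTRY.size
        *_, size, offset = ICONDIRENTRY.unpack_from(data, entry_at)
        # Image data must sit after the directory and fully inside the file.
        if size == 0 or offset < table_end or offset + size > len(data):
            problems.append(f"entry {i}: image data [{offset}, {offset + size}) outside file")
    return problems


# Constructed samples (not the file from this page).
GOOD = ICONDIR.pack(0, 1, 1) + ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, 40, 22) + bytes(40)
BOGUS = b"\xff" * 6 + b"A" * 512  # bogus header followed by filler
TRUNCATED = ICONDIR.pack(0, 1, 1) + ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, 4096, 22) + bytes(40)

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("bogus", BOGUS), ("truncated", TRUNCATED)]:
        print(name, check_ico(blob) or "ok")
```

A file that fails the header check is dropped without reading its directory, since every later field would be attacker-chosen.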