JScript Can Crash IE 4.0x
Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate. Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string. In order for users to be affected by this problem, they must visit a web site that was intentionally designed to include a malicious script.
Load the patched Scripting Engine, available in various language formats, from this URL:
Be sure to read Microsoft"s Knowledge Base Article Q191200 on the matter:
To learn more about NT Security concerns, subscribe to NTSDCredits
- Originally reported by Geogio Guninski
- Posted on The NT Shop on August 19, 1998