From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 18 Oct 95 17:48:54 PDT
To: cypherpunks@toad.com
Subject: Re: Media Accuracy
In-Reply-To: <9509188140.AA814053942@cc1.dttus.com>
Message-ID: <30859F7A.71B6@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Martin Diehl wrote:
> 
>      In the October 16, 1995 issue of PC Week, Spencer F. Katt writes:
> 
>      >Isn't it ironic?  Andreessen creates the WEB while in college; now
>      >college students are finding all the holes in it.  Two students have
>      >uncovered a serious bug in Netscape Navigator, one Katt source
>      >contends.  The browser has a 2K-byte buffer for reading HTML
>      >documents.  Well, these tipsters found that once the page has sent
>      >more than 2K, any assembly code in the HTML document will be
>      >executed.  As an experiment, these kids set up a simple Web server
>      >with some assembly code embedded in the HTML page to overwrite the
>      >client computer's FAT table [sic].  Sure enough, it worked.
> 
>      >spencer@pcweek.ziff.com
> 
>      He might be talking about the (already fixed) bug that allowed an HREF
>      that is longer than 356 bytes to overwrite the stack.  Hadn't heard
>      here that anything would happen other than getting Netscape to crash.
>      No names or URL's were given in the story.  Maybe he needs an update.
>      Maybe we need an update.

  As far as I can tell, this is just an inaccurate re-reporting of
Ray's buffer overflow hack, which we fixed in our security patch.
 
	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.