From: stewarts@ix.netcom.com
Date: Wed, 19 Nov 1997 05:04:21 +0800
To: cypherpunks@toad.com
Subject: Synergy between IE4 bug and Intel flaw
Message-ID: <3.0.3.32.19971118103354.006d70e8@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



RISKS DIGEST 19.46 http://catless.ncl.ac.uk/Risks/19.46.html     
has several articles on the Pentium F00FC7C8 bug.
Apparently there are workarounds for it, but there's also the article below.
(Also, Microsoft has supposedly issued a fix for the IE4 bug, 
but fat chance on everybody deploying it quickly enough.)
-----------------------------------------
Date: Wed, 12 Nov 1997 08:27:05 -0700 (MST)
From: Jonathan Levine <jonathan@canuck.com>
Subject: Synergy between IE4 bug and Intel flaw

By now I'm sure you've heard about this delightful synergy:
> ------- Forwarded Message
> Date:    Tue, 11 Nov 1997 06:53:45 -0500
> From:    "Per Hammer" <phammer@raleigh.ibm.com>
> Subject: New IE4 security hole exploited ...
> 
> http://www.wired.com/news/news/technology/story/8429.html
> 
> The deal is, if your use a 'RES://' URL that us longer than 256 characters,
> byte 257 onwards will be executed as machine code. Now ... think ...
> F0 0F C7 C8
> 
> Which is only slightly less malicious than deleting any files ...
> 
> Per Hammer  phammer@raleigh.ibm.com