The exploited orthogonal bugs strike back

the orthogonal bug adventures

We've already shown that any two orthogonal, completely unrelated bugs can be exploited together in synergy to wreak havoc far beyond the impact of either bug alone, as emergent behaviour.

This includes variants of either bug, of course.

This page demonstrates variations on the theme of emergent behaviour due to variations in the orthogonal bugs responsible, on Windows 95 and NT systems running Internet Explorer 4.0 or Internet Explorer 3.02 with Visual Studio on Intel Pentium processors. It exploits both the the return of the IE res-related hole and the well-known Pentium F00F bug. Change the processor or the browser, and the behaviour does not emerge.

If you are running Internet Explorer as described above, don't click on me! The result might contradict Microsoft's claim that no users are affected by this bug. (The META-HTTP reload has been removed from this page pending our move from httpd to apache, which returns a different response to users of other browsers that interrupts reading of this page.)

You can read the latest IE4.0 buffer overflow advisory and the official Intel Pentium invalid instruction erratum. Microsoft's ever-growing Internet Explorer security pages now include a patch for this problem.

Outlook Express users may also be at risk, as the same libraries are used for html parsing.

Please see our original earlier IE4.0 res overflow/Pentium orthogonal bug page for further demonstrations of the emergent behaviour of orthogonal bugs. We've since documented an IE4.0.1 object overflow problem.

Crashing Netscape or your Xserver is entirely possible with this page too. Browsers aren't very robust.

Media coverage of this page:


with
Powered by Spacesearch

Lloyd Wood (L.Wood@surrey.ac.uk)
last updated 2 April 1998

Where do you want to go today?