JScript can Crash IE 4.0x

JScript Can Crash IE 4.0x
Reported August 17, 1998 by Georgi Guninski and NTBugTraq


  • Microsoft Internet Explorer 4.0, 4.01, 4.01 SP1 on Windows 95 and Windows NT 4.0
  • Microsoft Windows 98


Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate. Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string. In order for users to be affected by this problem, they must visit a web site that was intentionally designed to include a malicious script.


Load the patched Scripting Engine, available in various language formats, from this URL:

Be sure to read Microsoft"s Knowledge Base Article Q191200 on the matter:

To learn more about NT Security concerns, subscribe to NTSD

- Originally reported by Geogio Guninski
- Posted on The NT Shop on August 19, 1998
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.