Bugtraq: Re: [Full-Disclosure] RE: Internet Explorer

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities

From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Wed, 21 Jan 2004 14:47:57 +0100

I looked into the "buffer overflow": it's actually a stack overflow. This
means Outlook Express just runs out of stack space and terminates. Nothing
is overwritten, this is not exploitable to gain unauthorized access or
elevate priviledges.

Cheers,
SkyLined

These are not IE vulnerabilities.

In all, you have described several ways to do some basic ressource
exhaustion by using Internet Explorer as well as an abnomaly in the Apache
server and a possible exploitable buffer overflow in Outlook Express. The
latter is definitely interesting, provided it is exploitable at all, but

the

first items are not security vulnerabilities - details below.

By Date By Thread

Current thread:

Internet Explorer - Multiple Vulnerabilities Rafel Ivgi, The-Insider (Jan 20)
- <Possible follow-ups>
- RE: Internet Explorer - Multiple Vulnerabilities Thor Larholm (Jan 21)
  - Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities Berend-Jan Wever (Jan 21)