Vulnerability Development: Re: res:// weirdness

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: res:// weirdness

From: Bill Weiss <bill_weiss () ATT NET>
Date: Wed, 16 Aug 2000 00:23:28 -0700

----- Original Message -----
From: "Markku-Juhani Saarinen" <mjos () CC JYU FI>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Tuesday, August 15, 2000 4:35 PM
Subject: res:// weirdness

Hi,

  I don't know whether this is new or not, but the following URL seems
  to totally blow up IE 5, opening new windows until system
  resources are exhausted. This applies at least to NT 4 boxes with
  IE 5.5.

    res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/

  I found this basically while reading through SHDOCLC.DLL.

  If nothing special happens, try entering that url for the second time.
  Apparently cache is somehow involved with this thing.


Gave it a shot, and nothing happens on two test machines.  One running
NetCaptor (runs on top of IE 5.5), the other running IR 5.5 straight.  Both
running Windows 98 SE.

By Date By Thread

Current thread:

res:// weirdness Markku-Juhani Saarinen (Aug 15)
- Re: res:// weirdness Bluefish (P.Magnusson) (Aug 16)
  - Re: res:// weirdness Alex Schuetz (Aug 17)
- Re: res:// weirdness Bill Weiss (Aug 16)
- <Possible follow-ups>
- Re: res:// weirdness Markku-Juhani Saarinen (Aug 16)