|
Vulnerability Development
mailing list archives
Re: res:// weirdness
From: Markku-Juhani Saarinen <mjos () CC JYU FI>
Date: Wed, 16 Aug 2000 12:35:02 +0300
Hi,
I'd like to suggest that people who have a configuration that *is*
vulnerable to this problem would report it to me, as many IE / NT
installations appear not to be vulnerable. I'm trying to figure out the
pattern.
However, configurations exist where this problem can be repeatedly
demonstrated (after reboot etc). I have two such systems in my room
right now.
There is no point in reporting "everything is ok" to the list in this
case.
Cheers,
- mj
Markku-Juhani O. Saarinen <mjos () jyu fi> University of Jyväskylä, Finland
Bluefish:
|Windows 95 B, Swedish version (OSR 2.5 I believe it is)
|Internet Explorer 5.50.4134.0600, 128 bit cipher (english version)
|Both shdoclc.dll and shdocvw.dll contain the unicode string
|"ProductVersion 5.50.4134.600".
|
|All testing indicates the system is *not* to be vulnerable to the
|described bug.
(..)
I wrote:
|> I don't know whether this is new or not, but the following
|> URL seems to totally blow up IE 5, opening new windows until system
|> resources are exhausted. This applies at least to NT 4 boxes with
|> IE 5.5.
|>
|> res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/
 By Date 
By Thread
Current thread:
- res:// weirdness Markku-Juhani Saarinen (Aug 15)
- <Possible follow-ups>
- Re: res:// weirdness Markku-Juhani Saarinen (Aug 16)
|
Intro
