Vulnerability Development mailing list archives

Re: res:// weirdness
From: Alex Schuetz <antitrack_legend () TELEWEB AT>
Date: Tue, 15 Aug 2000 19:20:06 +0200

I believe the res:// bug is the same as the shell://localhost bug, and yes it
DOES mess up the system.

Here is how you can verify some of the res:// or shell:// bug weirdness:

1.) Install the "ZoneAlarm" firewall
2.) Permanently disable the firewall (it has an option for that)
3.) Start the res:// or shell:// bug by entering e.g. shell://localhost in IE5 as the URL (two times to be sure)
4.) Use your computer for more than 30 minutes. It will trigger the firewall and it will block _all_ traffic
5.) Even after a reboot and _no_ subsequent entering of res:// or shell://, the firewall will block traffic every 30 minutes.

I've already reported this in this mailing list, but nobody seems to
listen :-)

Yours

Alex :-)

--------------------------------------------------------------------


"Bluefish (P.Magnusson)" wrote:

Windows 95 B, Swedish version (OSR 2.5 I believe it is)
Internet Explorer 5.50.4134.0600, 128 bit cipher (english version)
Both shdoclc.dll and shdocvw.dll contain the unicode string
"ProductVersion 5.50.4134.600".

All testing indicates the system is *not* vulnerable to the
described bug.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

On Wed, 16 Aug 2000, Markku-Juhani Saarinen wrote:

Hi,

  I don't know whether this is new or not, but the following URL seems
  to totally blow up IE 5, opening new windows until system
  resources are exhausted. This applies at least to NT 4 boxes with
  IE 5.5.

    res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/

  I found this basically while reading through SHDOCLC.DLL.

  If nothing special happens, try entering that url for the second time.
  Apparently cache is somehow involved with this thing.

- mj

Markku-Juhani O. Saarinen <mjos () jyu fi>  University of Jyväskylä, Finland


