Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:

Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:

From: Bruno Mosconi <bmosconi_at_fnazca.com.br>
Date: Mon, 21 May 2001 13:28:45 -0300

Using IE5.5 on NT4 box:
ftp://*//#./ Gives me the gopher effect

as I'm running MS Visual C++, it says:
Unhandled exception in IEXPLRER.EXE (MSIEFTP.DLL): OxCooooooo5: Access
Violation

on disassembler:
error on:
77F762E8 CC int 3
7120B8DC 80 38 00 cmp byte ptr [eax], 0

[]s Bruno Mosconi

----- Original Message -----
From: "Marius Huse Jacobsen" <mahuja_at_c2i.net>
To: <VULN-DEV_at_SECURITYFOCUS.COM>
Sent: Sunday, May 20, 2001 6:25 PM
Subject: Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:

>
> From: "Marius Huse Jacobsen" <mahuja_at_c2i.net> on 20/05/2001 23:25 ZE2
>
> To: <VULN-DEV_at_SECURITYFOCUS.COM>
> cc:
> Subject: Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> For reference, I'm using IE 5.50.4134.0100
>
>
> From: "Fernando Merino Levadinha" <chuck_at_bn.com.br>
> > Hi list,
> >
> > it's seem to be a new bug, i crashed my IE 5.x (5.50.4522.1800 SP1)
> > with this URL:
> >
> > gopher://:
>
> Puts IE into a loop, that seems to spawn new threads all of the time.
> The longer it stays, the slower the computer gets, until IE (or just
> that window, not sure) is shut down. No real crashes though.
>
> > it's like an older BUG in IE 4.x (ftp://:)
>
> ftp://: does nothing for me. (cannot find, make sure the address
> is correct)
>
>
> From: "Uidam, T (Tim)" <Tim.Uidam_at_SYD.RABOBANK.COM>
> > Didn't crash on mine, just like the FTP one doesn't crash on
> > mine... As i said before, i _suspect_ that this is because i do NOT
> > have the IE Browsing enhancements installed... you know the one
> > that displays FTP sites like explorer...
>
> I have 'em.
>
> ftp://*//#./ Gives me the gopher effect.
>
>
> From: "Kayne Ian (Softlab)" <Ian.Kayne_at_softlab.co.uk>
> > I tried test://:, it did nothing. Typing me://: auto-corrected the
> > url to mk://:, if anyone knows what that is?
> >
> > So, just for a laugh I typed hello://: which auto-corrected to
> > shell://:
>
> It doesn't know those protocols on my comp.
>
> Anyway, I think I have some idea of why the "shell:" acts like it
> does. It spawns a window for each shell it gets an address to, with
> ';' as a separator?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.1
>
> iQA/AwUBOwg17ailjHbgv3neEQK8YQCdHNvrkDjm56Y5jzCUCdZPySeHkcQAn00u
> 4soqvGEnA2kAJOD/3KwkR0hy
> =KSkk
> -----END PGP SIGNATURE-----
>
>
>
>
Received on May 22 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]