Full Disclosure mailing list archives

Re: Internet Explorer 6 DoS Bug


From: "Thor Larholm" <lists.netsys.com () jscript dk>
Date: Mon, 7 Jul 2003 20:59:48 +0200

Positively confirmed on 6.0.2800.1106.xpsp2.030422-1633 when entering C:\aux in
the Address Bar.

Seeing as the behavior of this scenario is inconsistent between list subscribers
with the same IE version, one could believe the bug is not in IE but in urlmon
or shellexecute somewhere.


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

----- Original Message ----- 
From: <fabian.becker2 () epost de>
To: <full-disclosure () lists netsys com>
Sent: Monday, July 07, 2003 6:25 PM
Subject: [Full-disclosure] Internet Explorer 6 DoS Bug


Hi,
I found a bug in IE6 ón Windows XP with all Service Packs and Patches
installed:
If you enter C:\aux in the adressline of the IE (not EXPLORER,
InternetExplorer)
and hit enter, the window will freeze. This bug is simmilar to C:\con\con
but not as dagerous. But its the same reason, naimly that windows trys to
open aux, a hardware device in earlier windows versions.
I already sended an email to Microsoft but they said the bug wouldn't exist.

Bye

Fabian Becker (www.neonomicus.ionichost.com)
fabian.becker2 () epost de




________________________________________
Mehr Power für Ihre eMail - mit den neuen Leistungspaketen bei
http://www.epost.de


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: