Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow.

From: psz () maths usyd edu au (Paul Szabo)
Date: Thu, 29 Apr 2004 08:58:46 +1000 (EST)
Tested on W2kSP4 (right-click MyComputer, Properties):

  Microsoft Windows 2000
  5.00.2195
  Service Pack 4

with IE6 (and noting that W2kSP3 behaved identically).

Going to  StartMenu > Run > \\hostname  behaves sensibly, showing all
shares; clicking on the long one says "The network name cannot be found".

However, going to  StartMenu > Run > \\IP.address  crashes explorer:

  Program Error
  explorer.exe has generated errors and will be closed by Windows.
  You will need to restart the program.
  An error log is being created.
  [Cancel]

(then explorer re-starts automatically and the button changes to [OK]). I
cannot see an EIP=41414141 (or 00410041) in file drwtsn32.log (in
C:\Documents and Settings\All Users\Documents\Dr Watson), but maybe it is
not telling the truth (or maybe I needed \\IP.address\sharename?).

Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
fixed in W2kSP4; or maybe that KB article refers to a different problem: it
say the error should be "Access Violation", I got "Program Error".

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: