long url overflow in IE6 public preview on WinME

From: Joseph Mallett (jmallettat_private)
Date: Mon Aug 13 2001 - 17:57:27 PDT

Next message: Daniel Roethlisberger: "Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability"

Previous message: Linux Mandrake Security Team: "MDKSA-2001:069 - openldap update"
Next in thread: Riemer Palstra: "Re: long url overflow in IE6 public preview on WinME"
Next in thread: Joseph Mallett: "Re: long url overflow in IE6 public preview on WinME"
Reply: Riemer Palstra: "Re: long url overflow in IE6 public preview on WinME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Requesting the url:
http://srcsys.org//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

either by entering it into the address bar or redirection to it (via a 
CGI) causes IE6 public preview [on a winme machine with all windowsupdates 
installed as of yesterday] to crash with an "abnormal program exit".

I don't have a good enough knowledge to track down this overflow, etc., 
but I have emailed Microsoft with this information, and thought I would 
mention it here, if it might help speed up the process of finding the bug, 
finding out if it is a possible threat, etc.

Thanks,
/joseph

--
Joseph A. Mallett
http://srcsys.org

xMach Core Team, www.xMach.org

Next message: Daniel Roethlisberger: "Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability"
Previous message: Linux Mandrake Security Team: "MDKSA-2001:069 - openldap update"
Next in thread: Riemer Palstra: "Re: long url overflow in IE6 public preview on WinME"
Next in thread: Joseph Mallett: "Re: long url overflow in IE6 public preview on WinME"
Reply: Riemer Palstra: "Re: long url overflow in IE6 public preview on WinME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 08:02:57 PDT