Re: [bug]: Cause IE 5.X to crash

From: Philip Stoev (philipat_private)
Date: Sun May 06 2001 - 09:08:14 PDT

Next message: R. van Buren: "Bug in Outlook Express 5.5"

Previous message: Derek Kwan: "Re: [bug]: Cause IE 5.X to crash"
In reply to: Stan: "Re: [bug]: Cause IE 5.X to crash"
Next in thread: Uidam, T (Tim): "Re: [bug]: Cause IE 5.X to crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, I was able to reproduce that on IE 6.00.2462.0000. It behaves exactly
as you put it.

Since hitting Enter is not requred to launch this, I suppose it is a parsing
issue at the level where the system decides what exactly have you typed, and
is not a problem in the FTP handling code. I disabled AutoComplete, however
it did not help, though I suppose it will not work on systems without
AutoComplete at all (such as Win95 with IE 3.0)

Also, note that if you use File -> Run, it is explorer.exe that crashes, and
not iexplore.exe. This implies that the problem is in some library or code
common to both. Probably the part that queries the registry to determine how
ftp:// urls are handled.

If you try with

ftp.whatever//.#./

, that is, no explicit protocol definition, it will only work after you hit
Enter, because it is after you hit Enter that Windows adds the ftp:// in
front (being told in the Registry that hosts starting with ftp. should be
treated as FTP sites)

Anyway, let Microsoft handle that.

Philip

----- Original Message -----
From: "Stan" <stanat_private>
To: <VULN-DEVat_private>
Sent: Sunday, May 06, 2001 2:01 PM
Subject: Re: [bug]: Cause IE 5.X to crash

> Hello,
>
> On my WinME computer only the IE window that is open will crash when
> going to ftp://whatever//.#./
> But when I type in ftp://whatever//.#./ and I backspace the first '.' then
all
> IE windows will close. This problem is also available when I type
> ftp://whatever//#./ and I add a '.' before the '#'. IE will close before
> having pressed
> the enter button. I noticed it also worked when I typed this at the
> start...run...
> you don't even have to click 'ok'.
>
> With regards,
>
> Stan a.k.a. ThePike
> stanat_private
> http://www.whizkunde.org
>
> At 00:34 5-5-2001 +0200, you wrote:
> >hello,
> >I have discover the last week end the following bug :
> >
> >Synopsis
> >--------------
> >
> >By putting this malformed link on a web page a malicious
> >user could crash all the IE windows. It also work by passing the link
> >directly into the address field of IE.

Next message: R. van Buren: "Bug in Outlook Express 5.5"
Previous message: Derek Kwan: "Re: [bug]: Cause IE 5.X to crash"
In reply to: Stan: "Re: [bug]: Cause IE 5.X to crash"
Next in thread: Uidam, T (Tim): "Re: [bug]: Cause IE 5.X to crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 06 2001 - 16:47:18 PDT