Re: [bug]: Cause IE 5.X to crash

From: Uidam, T (Tim) (Tim.Uidamat_private)
Date: Tue May 08 2001 - 22:29:01 PDT

    Thanks to all who picked me up on that, but I definitely tested it (and then
    re-tested) with two slashes, not just one... sorry for the confusion, just a
    typo...
    
    Anyway, I have a theory behind why mine (and others) didn't crash when
    receiving the dodgy URL:
    I do *not* have the Internet Explorer's Browsing Enhancements installed...
    that's the part that renders FTP sites to look like the typical Explorer
    file system...
    
    Considering that IE's Browsing Enhancements tries so hard to interact with
    the system explorer (and fails at its job of being an FTP client so
    often!), it's kinda not surprising that it crashes with an invalid request
    like that...
    
    I don't have a machine handy that I can test the Before/After effects of
    installing IE Browsing Enhancement... perhaps someone could get back to the
    list with their results? :)
    
    Hope this helps :)
    
    Regards,
    Tim.
    
    -----Original Message-----
    From: Usman Akeju [mailto:manusat_private]
    Sent: Tuesday, 8 May 2001 19:42
    Cc: Uidam, T (Tim); VULN-DEVat_private
    Subject: Re: [bug]: Cause IE 5.X to crash
    
    
    Hey all,
    
    Tim Uidam and Nick Jacobsen:
    
    Note the "//" after the server name (TWO slashes)..
    
    ftp://whatever/.#./ != ftp://whatever//.#./
                                          ^
    I tried this and some other weird stuff on my box and discovered that simply
    typing or pasting any form of ftp://*//#./ OR ftp://*//?./ (leading "." is
    unnecessary, and "?" works in place of "#") into IE's Address Bar will cause
    a crash, though without the trailing slash or some form of AutoComplete
    enabled (which is the way it would crash by just typing it, for some reason)
    it would require pressing the Enter key before anything happened.
    
    Also, some of the "weird stuff" I tried involved other protocols, but
    nothing else I tried worked-- except for ANY "<n>ftp://" protocol
    (existent/standard or not), where <n> is any single letter or number,
    though the crash would occur only after pressing the Enter key.  This
    suggests that msieftp.dll needs some serious recoding or patching by the
    MS software team.  Maybe it's not completely RFC 2396/2718 compliant?
    
    I was unable to reproduce this behavior via Start->Run at all.
    
    Running Win98SE 4.10.2222A using IE 5.50.4522.1800 SP1
                                     +Q297328,q283908,Q286045,q290108,Q286043
    
    On an unrelated(?) note (ie., more "weird stuff"), when testing IE's
    "file://" protocol for this bug, I created the folder "c:\windows\desktop\#"
    and typed in "file:///C|\windows\desktop\#" which worked fine and opened the
    folder in the browser window.  I also tried it with a trailing slash
    ("file:///C|\windows\desktop\#\"), and got an error message saying that
    Windows could not find the directory, which doesn't happen for any other
    directory (though I haven't tested all of the strange folder/filename
    possibilities).  I thought it was a bit strange.
    
    On a definitely unrelated note.. what's with IE's interpretation of the URL:
     about:<meta%20http-equiv="refresh"%20content="0;url=about:<meta%20http-
           equiv=refresh%20content=0;url='Insert_TEXT_or_HTML_here'">
    ?
    
    The result is pretty funky (refreshes until URI reaches 2083 characters).
    Heh.. fun with recursion.
    
    -Us
    ;]
    
    -------- Original Message --------
    Subject: Re: [bug]: Cause IE 5.X to crash
    Date: Mon, 7 May 2001 08:07:45 +0800
    From: "Uidam, T (Tim)" <Tim.Uidamat_private>
    Reply-To: "Uidam, T (Tim)" <Tim.Uidamat_private>
    To: VULN-DEVat_private
    
    NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.
    
    Nope, not even the tiniest glitch. If a valid FTP address is put in place of
    "whatever" it simply displays the FTP root in the browser window.
    
    Running ftp://whatever/.#./ from Start/Run launches IE, and displays "cannot
    Find Server" with ftp://whatever// in the address bar.
    
    
    Hope this helps! :)
    
    Tim.
    
    



    This archive was generated by hypermail 2b30 : Wed May 09 2001 - 13:44:10 PDT