Re: [bug]: Cause IE 5.X to crash

From: Uidam, T (Tim) (Tim.Uidamat_private)
Date: Sun May 06 2001 - 21:09:45 PDT

Next message: me me: "Re: How i DIDNT turn my CM into a sniffer"

Previous message: Damian Menscher: "Re: [bug]: Cause IE 5.X to crash"
Maybe in reply to: Elie Aka Lupin Bursztein: "[bug]: Cause IE 5.X to crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sorry, Typo!
Yes, confirm vulnerability does NOT exist when entering ftp://whatever//.#./
on the below mentioned system.

-----Original Message-----
From: Damian Menscher [mailto:menscherat_private]
Sent: Monday, 7 May 2001 13:08
To: Uidam, T (Tim)
Cc: VULN-DEVat_private
Subject: Re: [VULN-DEV] [bug]: Cause IE 5.X to crash

On Mon, 7 May 2001, Uidam, T (Tim) wrote:

> NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.
>
> Nope, not even the tiniest glitch. If a valid FTP address is put in place
of
> "whatever" it simply displays the FTP root in the browser window.
>
> Running ftp://whatever/.#./ from Start/Run launches IE, and displays
"cannot
> Find Server" with ftp://whatever// in the address bar.
>
> -----Original Message-----
> From: Elie Aka Lupin Bursztein [mailto:secuat_private]
> Sent: Saturday, 5 May 2001 8:35
> To: VULN-DEVat_private
> Subject: [bug]: Cause IE 5.X to crash
>
> the following url Crash IE : "ftp://whatever//.#./"

Uhh, note that you're trying
ftp://whatever/.#./
and the OP said to try
ftp://whatever//.#./
              ^^
Could you confirm that you tried it with TWO slashes?

One slash doesn't crash IE 5.5 SP1 on NT4SP6 but two slashes does.

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscherat_private> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
==================================================================
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.

==================================================================

Next message: me me: "Re: How i DIDNT turn my CM into a sniffer"
Previous message: Damian Menscher: "Re: [bug]: Cause IE 5.X to crash"
Maybe in reply to: Elie Aka Lupin Bursztein: "[bug]: Cause IE 5.X to crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 11 2001 - 06:49:12 PDT