Made in Holland PCP/A #0010 (pr0ph) Remote/Local DoS on I.E. 4.x I looked if this was a known vulnerability, but I could not find any info on it. Neither could my phriends & phoes in news://alt.hack.nl If this is a known vulnerability, then I give a bucket of credit to the original exploiters. It is possible to crash Internet Explorer 4.x by simply feeding it this link: ' ftp://: ' All open Internet Explorer/Explorer windows will close down and it will reset your "Active Desktop" (damn sh4m3). Opening ftp://: from applications like RealPlayer or Windows Media Player will result in the DoS on them aswell. Our friend, Dr. Watson, had this to say: "An appication error has occured and an application error log is being generated. explorer.exe [or Internet Explorer, depends on where you open it] Exception: access violation (0xc0000005), Address: 0x7020dd84" And Event Viewer told me: "The shell stopped unexpectedly and explorer.exe was restarted." A funny side-effect is that if you minimize your ICQ (probably works on some other applications aswell) after the crash it will completely dissapear. Its not on your screen anymore and you won't find it iin Task Manager/Applications either, yet its still active! It showed up in Task Manager/Processes. You can get it back by simply restarting ICQ, you'll get a message that "ICQ is already running" and then it'll show up again. Okay, the s00p3r 3xpl0!t: ftp://: (whoah) Or trigger it remote by using the infamous ICQ Greeting-card vulnerability. Put the following line in the body of your ICQ Greeting-card: <meta http-equiv="REFRESH" content="3; URL=ftp://:"> Yes, I know. IE 4 is old news, but its still widely used. I'm taking my time to upgrade to SP6/NT5, and I know I shouldn't. Future exploits will be comming from a more recent platform. Another fine Planet Cazzz Production/Advisory. In association with The Nations Top. We cannot be held responsible for your actions, but you can try. Made in Holland. PCP/A #0010 (pr0ph) We want to say hell0 to all the Crackers, the Hackers and the Phreax. We want to say hell0 to all the people in this place. We want to say hell0 to all the Sinners and 31337. We say hell0 to all the people in the world... -No Strezzz Cazzz If TCP/IP is the Pavement, HTTP is Cazzzoline...
This archive was generated by hypermail 2b30 : Mon May 14 2001 - 22:05:01 PDT