Just one more flaw in 5.5 I guess 5.00.3103.1000 Win2K SP1 Page cannot be displayed, no crash... http://: no crash gopher://: crashes gopher://:123 no crash Debugging the gopher one, disassembly shows it crapped out on: 6303F75B mov byte ptr [eax+ecx],bl Jon Zobrist Manager Information Systems Avaltus, Inc. 801-303-2101 kgbat_private ----- Original Message ----- From: "Russ Spooner" <labratat_private> To: <VULN-DEVat_private> Sent: Wednesday, May 16, 2001 2:41 AM Subject: RE: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > There would seem to be many ways of getting IE5 to die > > Running 5.50.4522.1800 under win2Kpro sp1 > > tr the following for instance: > > http://:123/ > > > Not entirely useful unless you can cause malicious code to run on the > remote machine. > > I guess the payload could be part of the url... > > It is anoying though. > > - -----------------------------------------+ > Russ Spooner (Mobile : 07771 544971) | > Interrorem: Network Security Specialists | > Software vulnerability testing & defence | > Protecting business : www.interrorem.com | > > > > - -----Original Message----- > From: Fernando Merino Levadinha [mailto:chuckat_private] > Sent: 15 May 2001 22:42 > To: VULN-DEVat_private > Subject: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://: > > > Hi list, > > it's seem to be a new bug, i crashed my IE 5.x (5.50.4522.1800 SP1) > with > this URL: > > gopher://: > > it's like an older BUG in IE 4.x (ftp://:) > > regards, > > - -- > > Fernando Merino Levadinha > USJT Network Administrator > fernandoat_private - [icq] 7452105 > > PGP Fingerprint: A752 7473 A351 5D87 045D 3205 0C09 8C2F 4B99 0D20 > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBOwI9JFKMcg0VZCu/EQISVwCg/pfoKUZ8PAhz3wm+O2o8QI5qRiAAoLgp > 8dPaoTeVytIlOjUp7ij2hjj9 > =iQ1O > -----END PGP SIGNATURE----- > >
This archive was generated by hypermail 2b30 : Mon May 21 2001 - 10:24:40 PDT