Re: [VulnWatch] greek characters buffer overflow, AGAIN!

From: DarkeFire (DarkeFireat_private)
Date: Tue Apr 16 2002 - 18:27:14 PDT


    Closes my IE right out too, I'm using XP, IE version 6.0.2600.0000 somethin
    somethin. I have a question for you, how would you be able to use this
    maliciously? I mean, regardless the person would have to click the link, in
    one form or another, and speaking non maliciously, why does it matter? What
    are the chances someone that isn't Greek is going to use a string of Greek
    characters that long?
    
    -Darke
    
    
    ----- Original Message -----
    From: "MegaHz" <adminat_private>
    To: <vuln-devat_private>; <bugtraqat_private>;
    <vulnwatchat_private>
    Cc: <securityat_private>
    Sent: Tuesday, April 16, 2002 2:40 AM
    Subject: [VulnWatch] greek characters buffer overflow, AGAIN!
    
    
    >
    > One year ago I discovered a buffer overflow in the address bar of IE 5.0 using Greek characters, look at:
    > http://www.cyhackportal.com/modules.php?name=News&file=article&sid=81
    >
    >
    > Today I discovered this:
    >
    > http://www.bestbuy.com.cy/cgi-bin/buy.storefront/<<<\x1388>>>/Product/View/CMPL_00_GDXbox
    >
    > (do not use: <<<,>>>)
    > and yes, Internet Explorer exited by itself. Very strange. I don't know why, pls try that
    > I uploaded here a sample html,
    > http://megahz.cyhackportal.com/hey.html
    >
    > I tested it out on 3 PCs I have at my work, but there was only one that seemed to have the bug, and resolve on closing the IE.
    >
    > maybe it is bestbuy's problem, and the software they use,
    > the original url was:
    >
    > http://www.bestbuy.com.cy/cgi-bin/buy.storefront/3cbbef7d0794c70e27a4c30e950106f2/Product/View/CMPL_00_GDXbox
    >
    >
    > maybe it is storefront's problem...
    >
    >
    > pls test it out, and let me know,
    >
    >
    >
    > Thank you,
    >
    >
    > /*
    >  * Andreas Constantinides (MegaHz)
    >  * http://www.cyhackportal.com
    >  *
    >  */
    >
    


