Bugtraq mailing list archives

Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities

From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Wed, 21 Jan 2004 14:47:57 +0100

I looked into the "buffer overflow": it's actually a stack overflow. This
means Outlook Express just runs out of stack space and terminates. Nothing
is overwritten, this is not exploitable to gain unauthorized access or
elevate priviledges.

Cheers,
SkyLined

These are not IE vulnerabilities.

In all, you have described several ways to do some basic ressource
exhaustion by using Internet Explorer as well as an abnomaly in the Apache
server and a possible exploitable buffer overflow in Outlook Express. The
latter is definitely interesting, provided it is exploitable at all, but

the

first items are not security vulnerabilities - details below.

Current thread:

Internet Explorer - Multiple Vulnerabilities Rafel Ivgi, The-Insider (Jan 20)
- <Possible follow-ups>
- RE: Internet Explorer - Multiple Vulnerabilities Thor Larholm (Jan 21)
  - Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities Berend-Jan Wever (Jan 21)