Vulnerability Development mailing list archives
Re: res:// weirdness
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Wed, 16 Aug 2000 14:03:42 +0200
Windows 95 B, Swedish version (OSR 2.5 I believe it is)
Internet Explorer 5.50.4134.0600, 128 bit cipher (english version)
Both shdoclc.dll and shdocvw.dll contain the unicode string
"ProductVersion 5.50.4134.600".
All testing indicates the system is *not* to be vulnerable to the
described bug.
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
On Wed, 16 Aug 2000, Markku-Juhani Saarinen wrote:
Hi,
I don't know whether this is new or not, but the following URL seems
to totally blow up IE 5, opening new windows until system
resources are exhausted. This applies at least to NT 4 boxes with
IE 5.5.
res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/
I found this basically while reading through SHDOCLC.DLL.
If nothing special happens, try entering that url for the second time.
Apparently cache is somehow involved with this thing.
- mj
Markku-Juhani O. Saarinen <mjos () jyu fi> University of Jyväskylä, Finland
Current thread:
- res:// weirdness Markku-Juhani Saarinen (Aug 15)
- Re: res:// weirdness Bluefish (P.Magnusson) (Aug 16)
- Re: res:// weirdness Alex Schuetz (Aug 17)
- Re: res:// weirdness Bill Weiss (Aug 16)
- <Possible follow-ups>
- Re: res:// weirdness Markku-Juhani Saarinen (Aug 16)
- Re: res:// weirdness Bluefish (P.Magnusson) (Aug 16)