Re: res:// weirdness

[Alex Schuetz <antitrack_legend () TELEWEB AT>]

I believe the res:// bug is the same as the shell://localhost bug, and yes it
DOES mess up the system.

Here is how you can verify some res:// or shell:// bugs weirdnesses :

1.) Install "ZoneAlarm" firewall
2.) Permanently disable the firewall (it has an option for that)
3.) start the res:// or shell:// bug by entering e.g. shell://localhost in IE5
as URL
(two times to be sure)
4.) Use your computer more than 30 minutes. It will trigger the firewall and
she will block _all_ traffic
5.) Even after reboot and _no_ subsequent entering of res:// or shell:// , the
firewall will block traffic every 30 minutes.

I've reported this already in this mailing list already, but nobody seems to
listen :-)

Yours

Alex :-)

--------------------------------------------------------------------


"Bluefish (P.Magnusson)" wrote:

> Windows 95 B, Swedish version (OSR 2.5 I believe it is)
> Internet Explorer 5.50.4134.0600, 128 bit cipher (english version)
> Both shdoclc.dll and shdocvw.dll contain the unicode string
> "ProductVersion 5.50.4134.600".
>
> All testing indicates the system is *not* to be vulnerable to the
> described bug.
>
> ..:::::::::::::::::::::::::::::::::::::::::::::::::..
>      http://www.11a.nu || http://bluefish.11a.nu
>     eleventh alliance development & security team
>
> On Wed, 16 Aug 2000, Markku-Juhani Saarinen wrote:
>
> > Hi,
> >
> >   I don't know whether this is new or not, but the following URL seems
> >   to totally blow up IE 5, opening new windows until system
> >   resources are exhausted. This applies at least to NT 4 boxes with
> >   IE 5.5.
> >
> >     res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/
> >
> >   I found this basically while reading through SHDOCLC.DLL.
> >
> >   If nothing special happens, try entering that url for the second time.
> >   Apparently cache is somehow involved with this thing.
> >
> > - mj
> >
> > Markku-Juhani O. Saarinen <mjos () jyu fi>  University of Jyväskylä, Finland