Vulnerability Development mailing list archives
Re: Potential overflow in Internet Explorer
From: Bojan Zdrnja <Bojan.Zdrnja () FER hr>
Date: Tue, 6 Feb 2001 10:19:34 +0100
I tryed the same on my Windows 2K machine. I found out that IE doesn't let you enter more then 2048 characters in Address field (this is probably some protection against buffer overruns). I will test it on other machines and let you know. Interesting thing is that I tested it on server which had apache running on and I got same message as Felipe Franciosi, about Forbidden message. Bojan Zdrnja IT/Security Consultant Faculty of EE and CS, Zagreb, Croatia
-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Eric D. Williams Sent: 5. veljaea 2001 17:46 To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Potential overflow in Internet Explorer I was able to reproduce on Windows NT 4.0 System: Microsoft Windows NT 4.00.1301 (SP6 + all relevant Fixes) IE 5 5.00.3105.0106 (SP2 etc.) http://www.thewebserver.com/[aaaaaaaaaaaaaaaaaaa (and lots of 'a's didn't count yet) 0x61616161 on the Call Stack (bad sign :) Eric On Saturday, February 03, 2001 2:13 PM, Robbert Muller [SMTP:mjrider () ENSCHEDE COM] wrote:On Mon, Jan 29, 2001 at 08:12:20PM -0800,joetesta () HUSHMAIL COM wrote:<SNIP>I am using version 5.50.4522.1800 on Win98 SE withall critical updatesinstalled. I attempted to reproduce this crash on threeother machineswithout success. Their version numbers where: 5.00.2614.3500, 5.50.4134.0100, 5.50.4134.0600 It seems as though this may be some sort of regression error, bad mix of software, or both. Can anyone else reproduce this?5.504522.1800 (Winme+all updates) doesn't crash -- Robbert Muller | Never let a luser on your console. mjrider@enschede dot com | Because that means they're in your room. uin: 9659330 | finger mjrider () mjrider student utwente nl PGP-key 0x2F634245 | for the PGP key
Current thread:
- Re: Potential overflow in Internet Explorer, (continued)
- Re: Potential overflow in Internet Explorer Robbert Muller (Feb 04)
- Re: Potential overflow in Internet Explorer Wouter Clarie (Feb 04)
- Re: Potential overflow in Internet Explorer Lord Soth (Feb 04)
- Re: Potential overflow in Internet Explorer Christopher Kunz (Feb 04)
- Re: Potential overflow in Internet Explorer Rio Martin (Feb 05)
- Re: Potential overflow in Internet Explorer Felipe Franciosi (Feb 05)
- Message not available
- Re: Potential overflow in Internet Explorer Felipe Franciosi (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Fedyk (Feb 22)
- Message not available
- Re: Potential overflow in Internet Explorer William N. Zanatta (Feb 05)
- Re: Potential overflow in Internet Explorer Eric D. Williams (Feb 05)
- Re: Potential overflow in Internet Explorer Bojan Zdrnja (Feb 06)
- Re: Potential overflow in Internet Explorer Benjamin Branch (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Sues (Feb 07)
- Re: Potential overflow in Internet Explorer Bojan Zdrnja (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Duncan (Feb 05)
- Re: Potential overflow in Internet Explorer Arturo Busleiman (Feb 05)
- Re: Potential overflow in Internet Explorer Rio Martin (Feb 06)