Vulnerability Development mailing list archives
Re: Potential overflow in Internet Explorer
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Tue, 6 Feb 2001 20:33:47 -0000
Hi,

I noticed and reported the same flaw on November 8, 2000 on vuln-dev. Below is the original mail I sent.

Gregory

==============

Hi,

I dunno if this one was previously reported. When entering a URL with more than 280 chars, MSIE 5.00.2314.1003 crashes with a Dr Watson because of an access violation.

For example:

http://ip/$$$$$.....$$$$$$$ (about 280)

will crash with a bad access to address 0x24 0x24 0x24 0x24 (0x24 = ASCII $).

It would be easy to insert win32 code inside the URI and force remote browser to execute it.

Note: this happened on NT 4.00.1381 server.

Gregory Duchemin
NEUROCOM CANADA

From: Rio Martin <root () VBME NET>
Reply-To: root () VBME NET
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Potential overflow in Internet Explorer
Date: Tue, 6 Feb 2001 09:45:51 +0700

Well, I found it after my computer was used by my friend about three - four weeks ago. I am running IE5.0 SP1, Windows 98 2nd Ed. Don't know what he's done with my computer, but I also found that there is a long "A" file in my C:\

Rio Martin.
www.rio-martin.com

<joetesta () HUSHMAIL COM> wrote:
| Rio Martin wrote:
|
| > Sorry,
| > But I think this one is already known and quite old ...
| >
| > Rio Martin.
| > www.rio-martin.com
|
| Even if it is already known and quite old, my machine remains vulnerable
| although I've applied all patches.
|
| So far, no one has been able to reproduce this buffer overflow. Could
| any particular person out there experienced with analyzing Internet
| Explorer help? (Ahem... Georgi...) =]
|
| - Joe Testa