Vulnerability Development mailing list archives
IE, again..
From: "Leo R. Lundgren" <leo () finalresort org>
Date: Tue, 29 May 2001 23:08:17 +0200
y0, well, im not all that much into software engineering atm, so this is pretty brief. anyhow, i played with IE a bit, and if i in the url-field give it as many ''´s as possible, along with a valid protocol, it crashes with an acces violation. http://<many ´s...> or telnet://<many ´s...> for example. when i do this, and look in the status bar, it says its searching for 'â,¬'. i dunno but a thought that arises is that it craches cuz of the expanding in this (one becoming those three chars, seemingly after any checks(?), three times bigger than expected and they dont have checks for that?) (just tested making a document with a link to this in it) it seems that if you make a plain .html document with a link to http:// and load it (in this case locally), and click the link, nothing happens except that it searches for a site named "those three chars". if i expand the link to contain MANY (more than the limit of the urlfield) ´s, nothing happens when i try to activate the link. if i on the other side make the link just as long as would fit in the urlfield, ie tries to goto it and crashes :) havent bothered trying anything than those three combinations. well, pretty badly reported but anyhow, if you find it interesting, play with it. as i said i havent really, didnt even check the registers et al.. this version of IE is 5.00.2314.1003, running on an NT4wks with sp5. Regards, Leo R. Lundgren Cellular: +46 (0)70 - 26 75 619 E-mail: leo () finalresort org
Current thread:
- IE, again.. Leo R. Lundgren (May 29)