Vulnerability Development mailing list archives

Re: [bug]: Cause IE 5.X to crash


From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
Date: Mon, 7 May 2001 12:09:45 +0800

Sorry, Typo!
Yes, confirm vulnerability does NOT exist when entering ftp://whatever//.#./
on the below mentioned system.

-----Original Message-----
From: Damian Menscher [mailto:menscher () uiuc edu]
Sent: Monday, 7 May 2001 13:08
To: Uidam, T (Tim)
Cc: VULN-DEV () SECURITYFOCUS COM
Subject: Re: [VULN-DEV] [bug]: Cause IE 5.X to crash


On Mon, 7 May 2001, Uidam, T (Tim) wrote:

NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.

Nope, not even the tiniest glitch. If a valid FTP address is put in place of
"whatever" it simply displays the FTP root in the browser window.

Running ftp://whatever/.#./ from Start/Run launches IE, and displays
"cannot Find Server" with ftp://whatever// in the address bar.

-----Original Message-----
From: Elie Aka Lupin Bursztein [mailto:secu () BURSZTEIN NET]
Sent: Saturday, 5 May 2001 8:35
To: VULN-DEV () SECURITYFOCUS COM
Subject: [bug]: Cause IE 5.X to crash

The following URL crashes IE: "ftp://whatever//.#./";

Uhh, note that you're trying
ftp://whatever/.#./
and the OP said to try
ftp://whatever//.#./
              ^^
Could you confirm that you tried it with TWO slashes?

One slash doesn't crash IE 5.5 SP1 on NT4SP6 but two slashes does.

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

