Vulnerability Development mailing list archives
Fw: [VULN-DEV] [bug]: Cause IE 5.X to crash
From: "Vitaly Osipov" <vosipov () wolfegroup ie>
Date: Wed, 16 May 2001 11:40:09 +0100
it did not go through that time (when listserv had problems), so I repost it...

I asked a friend who likes playing with betas to check in on msie 6.0 - the result is a crash, and the automated bug report says the following:

AppName: iexplore.exe
AppVer: 6.0.2463.52
ModName: msieftp.dll
ModVer: 5.50.4522.1800
Offset: 0000b8dc

so it's the problem in msieftp.dll

regards,
W.

----- Original Message -----
From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, May 09, 2001 6:29 AM
Subject: Re: [VULN-DEV] [bug]: Cause IE 5.X to crash

Thanks to all who picked me up on that, but I definitely tested it (and then re-tested) with two slashes, not just one... sorry for the confusion, just a typo...

Anyway, I have a theory behind why mine (and others) didn't crash when receiving the dodgy URL:

I do *not* have the Internet Explorer's Browsing Enhancements installed... that's the part that renders FTP sites to look like the typical Explorer file system...

Considering that IE's Browsing Enhancements tries so hard to interact with the system explorer (and fails at its job of being an FTP client so often!), it's kinda not surprising that it crashes with an invalid request like that...

I don't have a machine handy that I can test the Before/After effects of installing IE Browsing Enhancement... perhaps someone could get back to the list with their results? :)

Hope this helps :)

Regards,
Tim.

-----Original Message-----
From: Usman Akeju [mailto:manus () MIT EDU]
Sent: Tuesday, 8 May 2001 19:42
Cc: Uidam, T (Tim); VULN-DEV () securityfocus com
Subject: Re: [bug]: Cause IE 5.X to crash

Hey all,

Tim Uidam and Nick Jacobsen: Note the "//" after the server name (TWO slashes)..

ftp://whatever/.#./ != ftp://whatever//.#./
                                      ^

I tried this and some other weird stuff on my box and discovered that simply typing or pasting any form of ftp://*//#./ OR ftp://*//?./ (leading "." is unnecessary, and "?" works in place of "#") into IE's Address Bar will cause a crash, though without the trailing slash or some form of AutoComplete enabled (which is the way it would crash by just typing it, for some reason) it would require pressing the Enter key before anything happened.

Also, some of the "weird stuff" I tried involved other protocols, but nothing else I tried worked -- except for ANY "<n>ftp://" protocol (existent/standard or not), where <n> is any single letter or number, though the crash would occur only after pressing the Enter key. This suggests that msieftp.dll needs some serious recoding or patching by the MS software team. Maybe it's not completely RFC 2396/2718 compliant?

I was unable to reproduce this behavior via Start->Run at all.

Running Win98SE 4.10.2222A using IE 5.50.4522.1800 SP1 +Q297328,q283908,Q286045,q290108,Q286043

On an unrelated(?) note (ie., more "weird stuff"), when testing IE's "file://" protocol for this bug, I created the folder "c:\windows\desktop\#" and typed in "file:///C|\windows\desktop\#" which worked fine and opened the folder in the browser window. I also tried it with a trailing slash ("file:///C|\windows\desktop\#\"), and got an error message saying that Windows could not find the directory, which doesn't happen for any other directory (though I haven't tested all of the strange folder/filename possibilities). I thought it was a bit strange.

On a definitely unrelated note.. what's with IE's interpretation of the URL:

about:<meta%20http-equiv="refresh"%20content="0;url=about:<meta%20http-equiv=refresh%20content=0;url='Insert_TEXT_or_HTML_here'">

? The result is pretty funky (refreshes until URI reaches 2083 characters). Heh.. fun with recursion.

-Us ;]

-------- Original Message --------
Subject: Re: [bug]: Cause IE 5.X to crash
Date: Mon, 7 May 2001 08:07:45 +0800
From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
Reply-To: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
To: VULN-DEV () securityfocus com

NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.

Nope, not even the tiniest glitch. If a valid FTP address is put in place of "whatever" it simply displays the FTP root in the browser window.

Running ftp://whatever/.#./ from Start/Run launches IE, and displays "cannot Find Server" with ftp://whatever// in the address bar.

Hope this helps! :)

Tim.

==================================================================
The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
==================================================================
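
A defensive check for the URL shape discussed in this thread, as an added example that is not part of the original posts: it scans text such as a message body or HTML page for links of the form ftp://<host>//#./ so they can be flagged before reaching an affected browser. The regular expressions are one reading of the patterns the posters describe, the function name is hypothetical, and the sample text is constructed.

```python
import re

# Candidate URLs: anything ending in "ftp://" for the scheme, up to whitespace,
# a quote or an angle bracket (so href="..." values are picked up cleanly).
CANDIDATE = re.compile(r"[a-z0-9]*ftp://[^\s\"'<>]+", re.IGNORECASE)

# Assumed reading of the thread's description:
#   - scheme "ftp" or "<n>ftp" with <n> a single letter or digit
#   - any host, followed by TWO slashes
#   - optional leading ".", then "#" or "?", then "."
#   - trailing slash optional
REPORTED_SHAPE = re.compile(
    r"^[a-z0-9]?ftp://[^/]+//\.?[#?]\.(?:/|$)", re.IGNORECASE
)


def find_suspect_urls(text):
    """Return every URL in `text` that has the shape reported in the thread."""
    return [u for u in CANDIDATE.findall(text) if REPORTED_SHAPE.match(u)]


# Constructed sample input (not taken from any real message).
SAMPLE_TEXT = """Subject: check this out
<a href="ftp://whatever//.#./">files</a>
mirror: ftp://ftp.example.org/pub/README
also xftp://whatever//?./ and ftp://whatever/.#./
"""

if __name__ == "__main__":
    for url in find_suspect_urls(SAMPLE_TEXT):
        print("suspect URL:", url)
```

The single-slash form ftp://whatever/.#./ is deliberately not flagged, matching the distinction drawn in the thread between one and two slashes after the server name.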