Full Disclosure mailing list archives
Re: Internet Explorer 6 DoS Bug
From: Spiro Trikaliotis <trikaliotis () ivs cs uni-magdeburg de>
Date: Tue, 8 Jul 2003 19:04:11 +0200
Hello brett, On Tue, Jul 08, 2003 at 02:42:30PM +1000, Brett Hutley wrote:
If you enter C:\aux in the adressline of the IE (not EXPLORER, InternetExplorer) and hit enter, the window will freeze. This bug is simmilar to C:\con\conThe problem seems to be related to whether you have permissions to access the AUX device or not. I couldn't freeze explorer on my notebook where I don't have permissions to the aux device, but could on a co-workers machine in which we could access the aux device from the command line.
a good point. My Win 2000 machine which did not have problems did not have any serial devices, so it's not very surprising that this was not a problem. On the other hand, my XP system, which had the problem, does own a serial port. For a quick test, I added a serial port on Com1: to the W2K machine and entered c:\aux again in IE6: It freezes, too. Could it be that the computers of the people who told us "no problems" 1. don't have a serial port, 2. don't have a COM1, 3. have a mouse on COM1, 4. have the debugger (WinDBG) on COM1, or 5. don't have a "real" COM1 but only a virtual one (for example, COM1 is a virtual device of the bluetooth device)? That could explain why there are not freezes. Furthermore, yesterday, I said that I had to log out for my machine to be operable again, since the explorer crashed, too, and did not restart again. With my tests today, I could not reproduce that part, explorer crashed while killing IE, but it restarted immediately. So, this could be unrelated. Just some more investigations from my side, Spiro.
Attachment:
_bin
Description:
Current thread:
- RE: Internet Explorer 6 DoS Bug, (continued)
- RE: Internet Explorer 6 DoS Bug Richard M. Smith (Jul 07)
- RE: Internet Explorer 6 DoS Bug Justin Shin (Jul 07)
- SV: Internet Explorer 6 DoS Bug Peter Kruse (Jul 08)
- RE: Internet Explorer 6 DoS Bug Richard M. Smith (Jul 08)
- Re: Internet Explorer 6 DoS Bug M. Osten (Jul 07)
- Re: Internet Explorer 6 DoS Bug Karl DeBisschop (Jul 07)
- Re: Internet Explorer 6 DoS Bug Brett Hutley (Jul 07)
- Re: Internet Explorer 6 DoS Bug Sebastian Niehaus (Jul 08)
- Re: Internet Explorer 6 DoS Bug Spiro Trikaliotis (Jul 08)
- Re: Internet Explorer 6 DoS Bug madsaxon (Jul 08)
- Revisited Internet Explorer 6 DoS Bug Peter Kruse (Jul 08)
- RE: Revisited Internet Explorer 6 DoS Bug Simon Lorentsen (Jul 08)
- The IE6 bug is nothing new... Justin Shin (Jul 07)
- Re: Internet Explorer 6 DoS Bug:add COM[n] ^Herman^ (Jul 14)