Vulnerability Development mailing list archives

Re: res:// weirdness


From: Markku-Juhani Saarinen <mjos () CC JYU FI>
Date: Wed, 16 Aug 2000 12:35:02 +0300

Hi,

  I'd like to suggest that people who have a configuration that *is*
  vulnerable to this problem would report it to me, as many IE / NT
  installations appear not to be vulnerable. I'm trying to figure out the
  pattern.

  However, configurations exist where this problem can be repeatedly
  demonstrated (after reboot etc). I have two such systems in my room
  right now.

  There is no point in reporting "everything is ok" to the list in this
  case.

Cheers,
- mj

Markku-Juhani O. Saarinen <mjos () jyu fi>  University of Jyväskylä, Finland



Bluefish:

|Windows 95 B, Swedish version (OSR 2.5 I believe it is)
|Internet Explorer 5.50.4134.0600, 128 bit cipher (english version)
|Both shdoclc.dll and shdocvw.dll contain the unicode string
|"ProductVersion 5.50.4134.600".
|
|All testing indicates the system is *not* vulnerable to the
|described bug.

(..)

I wrote:

|>   I don't know whether this is new or not, but the following
|>   URL seems to totally blow up IE 5, opening new windows until system
|>   resources are exhausted. This applies at least to NT 4 boxes with
|>   IE 5.5.
|>
|>     res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/

