Vulnerability Development mailing list archives

Re: its: recursion

From: shashi () TRAFFIC CO UK (Shashi Dookhee)
Date: Thu, 10 Feb 2000 04:49:41 -0000


The single its didnt kill me but the multiple one did!   And now my entire
machine is playing up!  Its very slow in everything it does..  For example,
I cant see what I am typing right now unless I minimise Outlook Express, and
reopen it!  When I ran it also, it didnt crash IE itself, it took Windows
Explorer with it...  But then I guess IE and Windows Explorer are virtually
one and same anywayz :P

I'm running Win98, with IE4...  Now I am gonna hafta reboot..  *grumblez*

Shash
UNIX Programmer/Senior Systems Administrator
Traffic Interactive Ltd

Tel:      (020) 7616 9039         Fax:  (020) 7616 9030
ISDN:  (020) 7616 9002          Mobile:  07803 760 315
Email:  shashi () traffic co uk   Web:  http://www.traffic.co.uk

-----Original Message-----
From: Blue Boar <BlueBoar () THIEVCO COM>
To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
Date: 10 February 2000 05:27
Subject: Re: its: recursion

Sean Burford wrote:


A single its://. href is enough to crash ie 5.00.2919.63071C for me.  I'm
running NT 4 SP6a.

Example: <A HREF="its://.">do not click me</A>

Put 37 concatenated "its:" strings as a target url and IE4 crashes
when trying to handle that url.. No I don't know if you wanted
to know this.
<a

href="its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:it
s:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:it
s:.">do

not click me</a>


On Win98, the single one doesn't do anything, but the 37 together crash
IE.
Netscape doesn't care.  My IE help:about says 5.00.2919.6307 .

BB

Current thread:

Re: its: recursion Alex (Feb 09)
- <Possible follow-ups>
- Re: its: recursion Shashi Dookhee (Feb 09)
  - Re: its: recursion Usman (Feb 10)
    - Re: its: recursion su (Feb 11)
- Re: its: recursion Lamoglia, Marcelo (Feb 14)