Vulnerability Development mailing list archives

Re: Win 2000 & IE 'shell://' problem?

From: office () SAPOSEN COM (office)
Date: Mon, 12 Jun 2000 12:21:34 +0900


Hi

On *Japanese edition* of Windows 2000 and Internet Explorer, the shell://
problem was tested and reporded at the BBS,
http://www.office.ac/tearoom/noframe.cgi

The Result:

Vulnerable:
Windows 2000 5.00.2195 + IE 5.00.2920.0000
Windows 2000 5.00.2195 + IE 5.50.4030.2400
Windows 2000 5.00.2195 Service Pack 1, RC 1.59 + IE 5.00.2920.0000(128-BIT SP1)
Windows 2000 Server 5.00.2195 + IE 5.00.2195.0000
Windows 2000 Pro 5.00.2195 + IE 5.00.2920.0000
Windows 2000 Pro 5.00.2195 + IE 5.50.4030.2400

Unvulnerable:
Windows 2000 5.00.2195 Service Pack 1 + NetscapeNavigator 4.08
Windows NT Server 4.0 SP6a + IE 5.00.2919.6307
Windows NT4.0 SP6a 4.00.1381 + IE 5.50.4030.2400
Windows 98 Second Edition 4.10.2222 A + IE 5.50.4030.2400
windows 95 ＋ Netscape Navigator 4.6

(windows 98 wasn't effected 30 minutes later)

Thanks to the cooperators of this report,
xcorp proc-x () bigfoot com
Kojima kjm () rins ryukoku ac jp
KuniG kunig () saposen com
Hitomi hitomi () office ac
5super 5super () office ac
aiai redstar () orihime net
Kagemaru
Iwaki
Shiran
Ohmura yutaka () tama or jp

--
office
http://www.office.ac/

Current thread:

Re: Win 2000 & IE 'shell://' problem? Blue Boar (May 31)
- <Possible follow-ups>
- Fwd: Re: Win 2000 & IE 'shell://' problem? Aaron Kelley (Jun 01)
- Re: Win 2000 & IE 'shell://' problem? Chris Hall (Jun 01)
- Re: Win 2000 & IE 'shell://' problem? Alex Schuetz (Jun 02)
- Re: Win 2000 & IE 'shell://' problem? Nobu Hakeda (Jun 02)
- Re: Win 2000 & IE 'shell://' problem? Stephen John (Jun 02)
  - Warning! 'shell://' with win98 causes endless problems Alex Schuetz (Jun 03)
    - Re: Warning! 'shell://' with win98 causes endless problems nine (Jun 03)
  - shell:// shell:\\ shell: Cory Kantar (Jun 03)
  - JOLT2.C Cory Kantar (Jun 03)
- Re: Win 2000 & IE 'shell://' problem? office (Jun 11)