Vulnerability Development mailing list archives

Windows Explorer still vulnerable to ftp request buffer overflow


From: ByteRage <byterage () YAHOO COM>
Date: Wed, 21 Feb 2001 10:49:15 -0800

Systems affected : Windows systems with Internet
Explorer 5.0 & 5.5
Original bug report for Internet Explorer 5.0 by :
Shane Hird

I recently found that Windows (Internet) Explorer is
vulnerable to a buffer overflow when browsing to a
URL like :
ftp://ftphost.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/

(in this case ftphost.com signifies an ftp host the
system can login to, it could also be in the form
user:password@ftphost)

This buffer overflow can also be exploited via HTML
tags like <A HREF="insert URL here">CLICKME</A>
or JavaScript source like : <SCRIPT>location="insert
URL here";</SCRIPT>

The initial bug report on this issue was already
written by Shane Hird for IE5.0, but the bug still
seems to persist on Internet Explorer 5.5
(5.50.4134.0600) systems, as Internet Explorer is
still using the vulnerable version (5.00.2134.1000) of
MSIEFTP.DLL.

The buffer overflow doesn't seem to be easily
exploited, making this a low security risk
nonetheless.

======================================================
[ByteRage] <byterage () yahoo com> [www.byterage.cjb.net]
======================================================
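
A defensive check for the trigger described in the message above, as an added example that is not part of the original post: it scans page content for ftp:// URLs, in link or script form, whose path contains an overlong segment. The 128-character limit, the function names and the sample markup are assumptions; the post does not state the buffer size.

```python
import re
from urllib.parse import urlsplit

# Assumption: the post gives no buffer size, so this limit is a policy
# choice for a content filter, not a measured overflow boundary.
MAX_SEGMENT = 128

# Matches ftp:// URLs wherever they appear (href values, script source).
FTP_URL = re.compile(r"ftp://[^\s\"'<>]+", re.IGNORECASE)


def long_ftp_segments(url, limit=MAX_SEGMENT):
    """Return the path segments of an ftp URL that exceed `limit`.

    Raw (still percent-encoded) length is measured: it is never shorter
    than the decoded form, so it is the conservative bound.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        return []
    return [seg for seg in parts.path.split("/") if len(seg) > limit]


def scan(text, limit=MAX_SEGMENT):
    """Report every ftp:// URL in `text` that has an overlong path segment."""
    findings = []
    for match in FTP_URL.finditer(text):
        url = match.group(0)
        bad = long_ftp_segments(url, limit)
        if bad:
            findings.append({
                "host": urlsplit(url).hostname,  # userinfo is stripped here
                "offset": match.start(),
                "longest": max(len(seg) for seg in bad),
            })
    return findings


# Constructed sample: both delivery forms from the post plus a benign link.
SAMPLE_HTML = (
    '<A HREF="ftp://ftphost.example/' + "a" * 300 + '/">CLICKME</A>\n'
    '<SCRIPT>location="ftp://user:password@ftphost.example/'
    + "b" * 260 + '/";</SCRIPT>\n'
    '<a href="ftp://ftphost.example/pub/readme.txt">ok</a>\n'
)

if __name__ == "__main__":
    for finding in scan(SAMPLE_HTML):
        print(finding)
```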
