Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Potential overflow in Internet Explorer

From: Mike Duncan <duncan () RANDOMTASK NET>
Date: Mon, 5 Feb 2001 13:58:56 -0500
I have tried this on my ...
 * Dell 600MHz/128MB RAM
 * Win2K Prof. Version 5.0 (build 2195) + SP1
 * Internet Explorer 5.50.4522.1800 Cipher 128-bit
... and got no special result. (Just a 404)

One note though: At work, we have found that the maximum
amount of data that can be inserted into the IE5.5 Address Bar and sent is
~1068 Bytes. We found this out because we were trying to build pages
from a database and ended up getting only 3/4 of the pages.




On Mon, 5 Feb 2001, Costa, Andrew wrote:


I am running 2K Prof. running IE 5.50.4134.0600, and this is what I found:

I went into Textpad, and pasted 24949 "A"s and appended that to
www.yahoo.com[

I got page cannot be found. I then took all the "A"s in the address bar, and
cut them out. I pasted them into Textpad, and it pasted in 2012 characters.
Apparently IE is doing something to reduce the chars.

Andrew
*****This information may be confidential and/or privileged. Use of this
information by anyone other than the intended recipient is prohibited.  If
you received this in error, please inform the sender and remove any record
of this message.*****



--
------------------------------------------
Mike Duncan
security () randomtask net
http://www.randomtask.net

FLOD: The World's Perfect Cube Of Fat
Also comes in glow-in-the-dark models.
 ** Don't accept any imitations. **
------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: