Vulnerability Development mailing list archives

Re: Potential overflow in Internet Explorer


From: Bojan Zdrnja <Bojan.Zdrnja () FER hr>
Date: Tue, 6 Feb 2001 10:19:34 +0100

I tried the same on my Windows 2K machine.
I found out that IE doesn't let you enter more than 2048 characters in the
Address field (this is probably some protection against buffer overruns). I
will test it on other machines and let you know.
The interesting thing is that I tested it on a server which had Apache running
and I got the same message as Felipe Franciosi, the Forbidden message.

Bojan Zdrnja

IT/Security Consultant
Faculty of EE and CS, Zagreb, Croatia

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of Eric D. Williams
Sent: 5 February 2001 17:46
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Potential overflow in Internet Explorer


I was able to reproduce on Windows NT 4.0

System:

      Microsoft Windows NT
      4.00.1301 (SP6 + all relevant Fixes)
      IE 5 5.00.3105.0106 (SP2 etc.)

http://www.thewebserver.com/[aaaaaaaaaaaaaaaaaaa (and lots of 'a's didn't count yet)

0x61616161 on the Call Stack (bad sign :)

Eric

On Saturday, February 03, 2001 2:13 PM, Robbert Muller [SMTP:mjrider () ENSCHEDE COM] wrote:
On Mon, Jan 29, 2001 at 08:12:20PM -0800, joetesta () HUSHMAIL COM wrote:
<SNIP>
    I am using version 5.50.4522.1800 on Win98 SE with all critical updates
installed.  I attempted to reproduce this crash on three other machines
without success.  Their version numbers were:

        5.00.2614.3500,
        5.50.4134.0100,
        5.50.4134.0600

    It seems as though this may be some sort of regression error,
bad mix of software, or both.  Can anyone else reproduce this?
5.504522.1800 (Winme+all updates) doesn't crash


--
Robbert Muller           | Never let a luser on your console.
mjrider@enschede dot com | Because that means they're in your room.
uin: 9659330             | finger mjrider () mjrider student utwente nl
PGP-key 0x2F634245       | for the PGP key


