Vulnerability Development mailing list archives

Re: [bug]: Cause IE 5.X to crash

From: Damian Menscher <menscher () UIUC EDU>
Date: Sun, 6 May 2001 22:07:36 -0500

On Mon, 7 May 2001, Uidam, T (Tim) wrote:

NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.

Nope, not even the tiniest glitch. If a valid FTP address is put in place of
"whatever" it simply displays the FTP root in the browser window.

Running ftp://whatever/.#./ from Start/Run launches IE, and displays "cannot
Find Server" with ftp://whatever// in the address bar.

-----Original Message-----
From: Elie Aka Lupin Bursztein [mailto:secu () BURSZTEIN NET]
Sent: Saturday, 5 May 2001 8:35
To: VULN-DEV () SECURITYFOCUS COM
Subject: [bug]: Cause IE 5.X to crash

the following url Crash IE : "ftp://whatever//.#./";


Uhh, note that you're trying
ftp://whatever/.#./
and the OP said to try
ftp://whatever//.#./
              ^^
Could you confirm that you tried it with TWO slashes?

One slash doesn't crash IE 5.5 SP1 on NT4SP6 but two slashes does.

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

Current thread:

Re: [bug]: Cause IE 5.X to crash Arthur Barton (May 07)
- <Possible follow-ups>
- Re: [bug]: Cause IE 5.X to crash Scott Fagg (May 07)
- Re: [bug]: Cause IE 5.X to crash Nick Jacobsen (May 07)
- Re: [bug]: Cause IE 5.X to crash Uidam, T (Tim) (May 09)
- FW: [bug]: Cause IE 5.X to crash Uidam, T (Tim) (May 10)
- Re: [bug]: Cause IE 5.X to crash Usman Akeju (May 11)
- Re: [bug]: Cause IE 5.X to crash Damian Menscher (May 11)
- Re: [bug]: Cause IE 5.X to crash Uidam, T (Tim) (May 11)