Re: [bug]: Cause IE 5.X to crash

["Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>]

Thanks to all who picked me up on that, but I definitely tested it (and then
re-tested) with two slashes, not just one... sorry for the confusion, just a
typo...

Anyway, I have a theory behind why mine (and others) didn't crash when
receiving the dodgy URL:
I do *not* have the Internet Explorer's Browsing Enhancements installed...
that's the part that renders FTP sites to look like the typical Explorer
file system...

Considering that IE's Browsing Enhancements tries so hard to interact with
the system explorer (and fails at it's job of being an FTP client so
often!), it's kinda not suprising that it crashes with an invalid request
like that...

I don't have a machine handy that i can test the Before/After effects of
installing IE Browsing Enhancement... perhaps someone could get back the the
list with their results? :)

Hope this helps :)

Regards,
Tim.

-----Original Message-----
From: Usman Akeju [mailto:manus () MIT EDU]
Sent: Tuesday, 8 May 2001 19:42
Cc: Uidam, T (Tim); VULN-DEV () securityfocus com
Subject: Re: [bug]: Cause IE 5.X to crash


Hey all,

Tim Uidam and Nick Jacobsen:

Note the "//" after the server name (TWO slashes)..

ftp://whatever/.#./ != ftp://whatever//.#./
                                      ^
I tried this and some other weird stuff on my box and discovered that simply
typing or pasting any form of ftp://*//#./ OR ftp://*//?./ (leading "." is
unnecessary, and "?" works in place of "#") into IE's Address Bar will cause
a crash, though without the trailing slash or some form of AutoComplete
enabled (which is the way it would crash by just typing it, for some reason)
it would require pressing the Enter key before anything happened.

Also, some of the "weird stuff" I tried involved other protocols, but
nothing
else I tried worked-- except for ANY "<n>ftp://"; protocol (existant/standard
or not), where <n> is any single letter or number, though the crash would
occur only after pressing the Enter key.  This suggests that msieftp.dll
needs some serious recoding or patching by the MS software team.  Maybe it's
not completely RFC 2396/2718 compliant?

I was unable to reproduce this behavior via Start->Run at all.

Running Win98SE 4.10.2222A using IE 5.50.4522.1800 SP1
                                 +Q297328,q283908,Q286045,q290108,Q286043

On an unrelated(?) note (ie., more "weird stuff"), when testing IE's
"file://" protocol for this bug, I created the folder "c:\windows\desktop\#"
and typed in "file:///C|\windows\desktop\#" which worked fine and opened the
folder in the browser window.  I also tried it with a trailing slash
("file:///C|\windows\desktop\#\"), and got an error message saying that
Windows could not find the directory, which doesn't happen for any other
directory (though I haven't tested all of the strange folder/filename
possibilities).  I thought it was a bit strange.

On definitely unrelated note.. what's with IE's interperetation of the URL:
 about:<meta%20http-equiv="refresh"%20content="0;url=about:<meta%20http-
       equiv=refresh%20content=0;url='Insert_TEXT_or_HTML_here'">
?

The result is pretty funky (refreshes until URI reaches 2083 characters).
Heh.. fun with recursion.

-Us
;]

-------- Original Message --------
Subject: Re: [bug]: Cause IE 5.X to crash
Date: Mon, 7 May 2001 08:07:45 +0800
From: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
Reply-To: "Uidam, T (Tim)" <Tim.Uidam () SYD RABOBANK COM>
To: VULN-DEV () securityfocus com

NOT Vulnerable on IE 5.5 SP1 (no hotfixes) on WinNT 4 SP5.

Nope, not even the tiniest glitch. If a valid FTP address is put in place of
"whatever" it simply displays the FTP root in the browser window.

Running ftp://whatever/.#./ from Start/Run launches IE, and displays "cannot
Find Server" with ftp://whatever// in the address bar.


Hope this helps! :)

Tim.

==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
de afzender direct te informeren door het bericht te retourneren.
==================================================================
The information contained in this message may be confidential
and is intended to be exclusively for the addressee. Should you
receive this message unintentionally, please do not use the contents
herein and notify the sender immediately by return e-mail.


==================================================================