Bugtraq mailing list archives
IE6 SP1 - Click N Crash
From: ViPeR <viper31337 () yahoo co in>
Date: Tue, 15 Feb 2005 15:21:29 +0000 (GMT)
hi, Affected Software : Microsoft Internet Explorer Vulnerability : Remote DOS / Crash Tested On : MS IE 6.0 SP1, Win2K SP4, [up-to-date] according to windowsupdate.com Discovered by : Gregory R. Panakkal HomePage : http://www.crapware.tk Details ======= Pointing a link to the URI -> file://!:\ [replace ! with the character with ascii value for eg:- 0xA0]. Causes IE6-SP1 to crash, the illegal op occuring in user32.dll. Other special characters are also possible. Demo ==== A demonstration is available at the following URL. http://crapware.lx.ro/junkcode/security/ie-sp1-file-a0-crash.htm Greetz to ========= Rakesh Balasunder - r0ck@iNfy CK - Saitegog! :) rgds, Gregory R. Panakkal ________________________________________________________________________ Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony
Current thread:
- IE6 SP1 - Click N Crash ViPeR (Feb 15)
- Re: IE6 SP1 - Click N Crash is old news Berend-Jan Wever (Feb 15)
- <Possible follow-ups>
- Re: IE6 SP1 - Click N Crash Robert ONeal (Feb 17)