Vulnerability Development mailing list archives
Re: res:// weirdness
From: Markku-Juhani Saarinen <mjos () CC JYU FI>
Date: Wed, 16 Aug 2000 12:35:02 +0300
Hi, I'd like to suggest that people who have a configuration that *is* vulnerable to this problem would report it to me, as many IE / NT installations appear not to be vulnerable. I'm trying to figure out the pattern. However, configurations exist where this problem can be repeatedly demonstrated (after reboot etc). I have two such systems in my room right now. There is no point in reporting "everything is ok" to the list in this case. Cheers, - mj Markku-Juhani O. Saarinen <mjos () jyu fi> University of Jyväskylä, Finland Bluefish: |Windows 95 B, Swedish version (OSR 2.5 I believe it is) |Internet Explorer 5.50.4134.0600, 128 bit cipher (english version) |Both shdoclc.dll and shdocvw.dll contain the unicode string |"ProductVersion 5.50.4134.600". | |All testing indicates the system is *not* to be vulnerable to the |described bug. (..) I wrote: |> I don't know whether this is new or not, but the following |> URL seems to totally blow up IE 5, opening new windows until system |> resources are exhausted. This applies at least to NT 4 boxes with |> IE 5.5. |> |> res://shdocvw.dll/http_404.htm#http://www.securityfocus.com/
Current thread:
- res:// weirdness Markku-Juhani Saarinen (Aug 15)
- Re: res:// weirdness Bluefish (P.Magnusson) (Aug 16)
- Re: res:// weirdness Alex Schuetz (Aug 17)
- Re: res:// weirdness Bill Weiss (Aug 16)
- <Possible follow-ups>
- Re: res:// weirdness Markku-Juhani Saarinen (Aug 16)
- Re: res:// weirdness Bluefish (P.Magnusson) (Aug 16)