Vulnerability Development mailing list archives
[no subject]
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Wed, 8 Nov 2000 19:48:38 GMT
hi, I dunno if this one was previously reported, when entering an url with more than 280 chars, MSIE 5.00.2314.1003 crash with a dr watson because of an access violation. for example: http://ip/$$$$$.....$$$$$$$ (about 280) will crash with bad access to address 0x24 0x24 0x24 0x24 (0x24 = ascii $) it would be easy to insert win32 code inside the URI and force remote browser to execute it. note: this happened on NT 4.00.1381 server Gregory Duchemin NEUROCOM CANADA 1001 bd maisonneuve, suite 200 Montreal (QUEBEC) H3A 3C8 CANADA c3rb3r () homail com _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Current thread:
- [no subject] gregory duchemin (Nov 10)