[no subject]

[gregory duchemin <c3rb3r () HOTMAIL COM>]

hi,

I dunno if this one was previously reported, when entering an url with
more than 280 chars, MSIE 5.00.2314.1003 crash with a dr watson because of
an access violation.
for example: http://ip/$$$$$.....$$$$$$$ (about 280)
will crash with bad access to address 0x24 0x24 0x24 0x24 (0x24 = ascii $)
it would be easy to insert win32 code inside the URI and force remote
browser to execute it.


note: this happened on NT 4.00.1381 server


Gregory Duchemin
NEUROCOM CANADA

1001 bd maisonneuve, suite 200
Montreal (QUEBEC) H3A 3C8 CANADA
c3rb3r () homail com

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.