Vulnerability Development mailing list archives
Windows Explorer still vulnerable to ftp request buffer overflow
From: ByteRage <byterage () YAHOO COM>
Date: Wed, 21 Feb 2001 10:49:15 -0800
Systems affected : Windows systems with Internet Explorer 5.0 & 5.5 Original bug report for Internet Explorer 5.0 by : Shane Hird I recently found that windows (internet) explorer is vulnerable to a buffer overflow when browsing to an URL like : ftp://ftphost.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/ (in this case ftphost.com signifies an ftp host the system can login to, it could also be in the form user:password@ftphost) This buffer overflow can also be exploited via html tags like <A HREF="insert URL here">CLICKME</A> or javascript source like : <SCRIPT>location="insert URL here";</SCRIPT> The initial bug report on this issue was already written by Shane Hird for IE5.0, but the bug still seems to persist on Internet Explorer 5.5 (5.50.4134.0600) systems, as internet explorer is still using the vulnerable version (5.00.2134.1000) of MSIEFTP.DLL. The buffer overflow doesnt seem to be easily exploited, making this a low security risk nonetheless. ====================================================== [ByteRage] <byterage () yahoo com> [www.byterage.cjb.net] ====================================================== __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/
Current thread:
- Windows Explorer still vulnerable to ftp request buffer overflow ByteRage (Feb 21)
- Re: Windows Explorer still vulnerable to ftp request buffer overflow Rio Martin (Feb 22)