Vulnerability Development mailing list archives
Re: Potential overflow in Internet Explorer
From: Benjamin Branch <ben () ACMECLICK COM>
Date: Tue, 6 Feb 2001 11:52:40 -0600
Running Win98 SE with all updates, running IE build 5.50.4143.0600 and could not reproduce the the problem. I the only thing i got was a 404 File not Found error when I tried it. Nothing more. Sorry I couldn't be of more help. Benjamin ----- Original Message ----- From: "Bojan Zdrnja" <Bojan.Zdrnja () FER hr> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Tuesday, February 06, 2001 3:19 AM Subject: Re: Potential overflow in Internet Explorer
I tryed the same on my Windows 2K machine. I found out that IE doesn't let you enter more then 2048 characters in Address field (this is probably some protection against buffer overruns).
I
will test it on other machines and let you know. Interesting thing is that I tested it on server which had apache running
on
and I got same message as Felipe Franciosi, about Forbidden message. Bojan Zdrnja IT/Security Consultant Faculty of EE and CS, Zagreb, Croatia-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Eric D. Williams Sent: 5. veljaea 2001 17:46 To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Potential overflow in Internet Explorer I was able to reproduce on Windows NT 4.0 System: Microsoft Windows NT 4.00.1301 (SP6 + all relevant Fixes) IE 5 5.00.3105.0106 (SP2 etc.) http://www.thewebserver.com/[aaaaaaaaaaaaaaaaaaa (and lots of 'a's didn't count yet) 0x61616161 on the Call Stack (bad sign :) Eric On Saturday, February 03, 2001 2:13 PM, Robbert Muller [SMTP:mjrider () ENSCHEDE COM] wrote:On Mon, Jan 29, 2001 at 08:12:20PM -0800,joetesta () HUSHMAIL COM wrote:<SNIP>I am using version 5.50.4522.1800 on Win98 SE withall critical updatesinstalled. I attempted to reproduce this crash on threeother machineswithout success. Their version numbers where: 5.00.2614.3500, 5.50.4134.0100, 5.50.4134.0600 It seems as though this may be some sort of regression error, bad mix of software, or both. Can anyone else reproduce this?5.504522.1800 (Winme+all updates) doesn't crash -- Robbert Muller | Never let a luser on your console. mjrider@enschede dot com | Because that means they're in your room. uin: 9659330 | finger mjrider () mjrider student utwente nl PGP-key 0x2F634245 | for the PGP key
Current thread:
- Re: Potential overflow in Internet Explorer, (continued)
- Re: Potential overflow in Internet Explorer Wouter Clarie (Feb 04)
- Re: Potential overflow in Internet Explorer Lord Soth (Feb 04)
- Re: Potential overflow in Internet Explorer Christopher Kunz (Feb 04)
- Re: Potential overflow in Internet Explorer Rio Martin (Feb 05)
- Re: Potential overflow in Internet Explorer Felipe Franciosi (Feb 05)
- Message not available
- Re: Potential overflow in Internet Explorer Felipe Franciosi (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Fedyk (Feb 22)
- Message not available
- Re: Potential overflow in Internet Explorer William N. Zanatta (Feb 05)
- Re: Potential overflow in Internet Explorer Eric D. Williams (Feb 05)
- Re: Potential overflow in Internet Explorer Bojan Zdrnja (Feb 06)
- Re: Potential overflow in Internet Explorer Benjamin Branch (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Sues (Feb 07)
- Re: Potential overflow in Internet Explorer Bojan Zdrnja (Feb 06)
- Re: Potential overflow in Internet Explorer Mike Duncan (Feb 05)
- Re: Potential overflow in Internet Explorer Arturo Busleiman (Feb 05)
- Re: Potential overflow in Internet Explorer Rio Martin (Feb 06)