Vulnerability Development mailing list archives
Re: [VulnWatch] greek characters buffer overflow, AGAIN!
From: Daniel Nyström <exce () netwinder nu>
Date: Wed, 17 Apr 2002 08:24:33 +0200
It does not affect my browser neither.. MSIE 6.0 (WinXP) .. Just get a strange URL and a 404 as a result of clicking "hey". /D ----- Original Message ----- From: "TanaydIn 'HuzursuZ' $irin" <tanaydin () ihlas net tr> To: <vuln-dev () securityfocus com>; <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org> Cc: <security () microsoft com> Sent: Tuesday, April 16, 2002 7:13 PM Subject: Re: [VulnWatch] greek characters buffer overflow, AGAIN!
it isn't cause any problem for me... w2k ie6 ----- Original Message ----- From: "MegaHz" <admin () cyhackportal com> To: <vuln-dev () securityfocus com>; <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org> Cc: <security () microsoft com> Sent: Tuesday, April 16, 2002 12:40 PM Subject: [VulnWatch] greek characters buffer overflow, AGAIN!One year ago I discovered a buffer overflow in the address bar of IE 5.0using greek characters, look at:http://www.cyhackportal.com/modules.php?name=News&file=article&sid=81 Today I discover this:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/<<<áx1388>>>/Product/View/C
MPL_00_GDXbox(do not use: <<<,>>>) and yes, Internet explorer, exited by itself. Very strange. I don't knowwhy, pls try thatI uploaded here a sample html, http://megahz.cyhackportal.com/hey.html I test it out on 3 pcs I have at my work, but there was only one thatseemed to have the bug, and resolve on closing the IE.maybe is bestbuy's problem, and the software they use, the original url was:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/3cbbef7d0794c70e27a4c30e950
106f2/Product/View/CMPL_00_GDXboxmaybe is storefronts problem... pls test it out, and let me know, Thank you, /* * Andreas Constantinides (MegaHz) * http://www.cyhackportal.com * */
Current thread:
- greek characters buffer overflow, AGAIN! MegaHz (Apr 16)
- Re: [VulnWatch] greek characters buffer overflow, AGAIN! TanaydIn 'HuzursuZ' $irin (Apr 16)
- Re: [VulnWatch] greek characters buffer overflow, AGAIN! Daniel Nyström (Apr 17)
- Re: [VulnWatch] greek characters buffer overflow, AGAIN! DarkeFire (Apr 16)
- Re: greek characters buffer overflow, AGAIN! Dustin E. Childers (Apr 16)
- Re: greek characters buffer overflow, AGAIN! xfesty (Apr 16)
- Re: greek characters buffer overflow, AGAIN! muchar78 (Apr 17)
- Re: greek characters buffer overflow, AGAIN! Mike Müller (Apr 17)
- <Possible follow-ups>
- RE: greek characters buffer overflow, AGAIN! Thor Larholm (Apr 16)
- Re: greek characters buffer overflow, AGAIN! MegaHz (Apr 17)
- Re: [VulnWatch] greek characters buffer overflow, AGAIN! TanaydIn 'HuzursuZ' $irin (Apr 16)