Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
How IE handles URL's
From: Duane Maurer (duaneramaHOTMAIL.COM)
Date: Thu Dec 11 2003 - 21:23:20 CST
Russ: Feel free to rewrite this as much as you want...
IE uses URL Monikers (a COM object used to parse a name of another object,
kinda like a string pointer to another object) to parse out URL's by passing
substrings to a few COM objects for each part, from the file urlmon.dll (Url
Moniker) and that the problem is probably with the BSTR- (Unicode string
with length not expecting NULLs) using COM object not understanding the
problem that the NULL causes for the null terminated display code for the
One moniker (protocol moniker) will parse out the http:// and pass the rest
of the string to another moniker (web server moniker since using http) that
accepts the username:passwordserverOrIP/ part of the url and creates a
moniker (web server get request moniker or something, passed in the server
name) to traverse the site asking for a page and such, returning COM objects
for the objects on the page and such... etc...
Anyway, urlmon.dll should be the only file changed... and everyone on this
list needs to know that IE is very COM based and therefore everything is
broken down into a number of little objects, each of which has to be perfect
to prevent lame bugs like this one... Apparently they are not...
Also, I think this should be critical, to get Microsoft to start patching
again... Otherwise... How many issues will they be *sitting* on until
January, that we may not even hear about, just to prevent breaking their
proclaimation of no patches...
P.S. Some ppl have pointed this out, but for the record... This is not sent
in packets anywhere... You cannot firewall or use UrlMon and such to help
this... You would have to create a new COM Url Moniker without any details
from MS as to what exactly it is supposed to do and such... Without reverse
engineering due to DCMA... Good luck ;)
Wonder if the latest virus has gotten to your computer? Find out. Run the
FREE McAfee online computer scan!
Out of Office replies to list messages cause you to be unsubscribed
automatically. Either subscribe a Public Folder, or ensure your rules are
set to ensure list messages are filtered prior to your Out of Office reply.
Such automatic replies are a bane to posters, and cause us to have fewer
researchers post to NTBugtraq.