|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: (no subject)
From: gregory duchemin (c3rb3r
HOTMAIL.COM)Date: Wed Nov 08 2000 - 13:48:38 CST
- Next message: Bluefish (P.Magnusson): "Re: Apache ap_getpass vulnerability"
- Previous message: Stephanie Wehner: "Re: windows scripting encoder"
- Next in thread: Vladimir Dubrovin: "(no subject)"
- Maybe reply: gregory duchemin: "(no subject)"
- Reply: Vladimir Dubrovin: "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi,
I dunno if this one was previously reported, when entering an url with
more than 280 chars, MSIE 5.00.2314.1003 crash with a dr watson because of
an access violation.
for example: http://ip/$$$$$.....$$$$$$$ (about 280)
will crash with bad access to address 0x24 0x24 0x24 0x24 (0x24 = ascii $)
it would be easy to insert win32 code inside the URI and force remote
browser to execute it.
note: this happened on NT 4.00.1381 server
Gregory Duchemin
NEUROCOM CANADA
1001 bd maisonneuve, suite 200
Montreal (QUEBEC) H3A 3C8 CANADA
c3rb3rhomail.com
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
- Next message: Bluefish (P.Magnusson): "Re: Apache ap_getpass vulnerability"
- Previous message: Stephanie Wehner: "Re: windows scripting encoder"
- Next in thread: Vladimir Dubrovin: "(no subject)"
- Maybe reply: gregory duchemin: "(no subject)"
- Reply: Vladimir Dubrovin: "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]