Made in Holland
PCP/A #0010 (pr0ph)

Remote/Local DoS on I.E. 4.x

I looked if this was a known vulnerability, but I could not find any info on
it. Neither could my phriends & phoes in news://alt.hack.nl If this is a
known vulnerability, then I give a bucket of credit to the original
exploiters.

It is possible to crash Internet Explorer 4.x by simply feeding it this
link: ' ftp://: '

All open Internet Explorer/Explorer windows will close down and it will
reset your "Active Desktop" (damn sh4m3). Opening ftp://: from applications
like RealPlayer or Windows Media Player will result in the DoS on them
aswell.

Our friend, Dr. Watson, had this to say:
"An appication error has occured and an application error log is being
generated.

explorer.exe [or Internet Explorer, depends on where you open it]
Exception: access violation (0xc0000005), Address: 0x7020dd84"

And Event Viewer told me:
"The shell stopped unexpectedly and explorer.exe was restarted."

A funny side-effect is that if you minimize your ICQ (probably works on some
other applications aswell) after the crash it will completely dissapear. Its
not on your screen anymore and you won't find it iin Task
Manager/Applications either, yet its still active! It showed up in Task
Manager/Processes. You can get it back by simply restarting ICQ, you'll get
a message that "ICQ is already running" and then it'll show up again.

Okay, the s00p3r 3xpl0!t:
ftp://: (whoah)

Or trigger it remote by using the infamous ICQ Greeting-card vulnerability.
Put the following line in the body of your ICQ Greeting-card:
<meta http-equiv="REFRESH" content="3; URL=ftp://:">

Yes, I know. IE 4 is old news, but its still widely used. I'm taking my time
to upgrade to SP6/NT5, and I know I shouldn't. Future exploits will be
comming from a more recent platform.

Another fine Planet Cazzz Production/Advisory. In association with The
Nations Top. We cannot be held responsible for your actions, but you can
try. Made in Holland. PCP/A #0010 (pr0ph)

We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell0 to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...

-No Strezzz Cazzz

If TCP/IP is the Pavement, HTTP is Cazzzoline...

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]