Thought I'd share it here. Nothing huge or important, just a little crash:
Quotehi,
Affected Software : Microsoft Internet Explorer
Vulnerability : Remote DOS / Crash
Tested On : MS IE 6.0 SP1, Win2K SP4, [up-to-date]
according to windowsupdate.com
Discovered by : Gregory R. Panakkal
HomePage : http://www.crapware.tk
Details
=======
Pointing a link to the URI -> file://!:\ [replace !
with the character with ascii value for eg:- 0xA0].
Causes IE6-SP1 to crash, the illegal op occuring in
user32.dll. Other special characters are also
possible.
Demo
====
A demonstration is available at the following URL.
http://crapware.lx.ro/junkcode/security/ie-sp1-file-a0-crash.htm
Greetz to
=========
Rakesh Balasunder - r0ck@iNfy
CK - Saitegog! :)
rgds,
Gregory R. Panakkal
hahhaha thats great!
An IE crash is no longer the exception to the rule. It has become the rule, and the exception is not crashing.
Apparently it's been around (unfixed) for almost a year
Quote>> Discovered by : Gregory R. Panakkal
Incorrect: E.Kellinis reported it on Friday, May 07, 2004 to bugtraq:
http://www.securityfocus.com/archive/1/362524/2004-05-06/2004-05-12/0
>> Pointing a link to the URI -> file://!:\ [replace !
>> with the character with ascii value for eg:- 0xA0].
>> Causes IE6-SP1 to crash, the illegal op occuring in
>> user32.dll. Other special characters are also
>> possible.
More details can be found here:
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021272.html
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030115.html
.-----------------------------------,
/ Berend-Jan Wever aka SkyLined )
/ skylined@edup.tudelft.nl / \
/ http://www.edup.tudelft.nl/~bjwever / /
/ PGP key ID 0x48479882 / /
/ .----. , / /
/ ( ' / / . __ __/ / /
/ `'-._ /.' | / / / ( / /_.'.' / / /
( ) / ) |/ / / / ) (__ (__/ / /
\-------' ------` '-----------------< /
\______.`\______\/\_________________\/
mine didnt crash.......
are you on SP1 or SP2?
Crashed on WinXP SP2 here at school.
Sujak is probably on Mac, which would explain it