RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.

From: Paul Szabo (psz_at_maths.usyd.edu.au)
Date: 04/29/04

    To: bporter@heart.net, full-disclosure@lists.netsys.com, kf_lists@secnetops.com
    Date: Thu, 29 Apr 2004 08:58:46 +1000 (EST)
    
    

    Tested on W2kSP4 (right-click MyComputer, Properties):

      Microsoft Windows 2000
      5.00.2195
      Service Pack 4

    with IE6 (and noting that W2kSP3 behaved identically).

    Going to StartMenu > Run > \\hostname behaves sensibly, showing all
    shares; clicking on the long one says "The network name cannot be found".

    However, going to StartMenu > Run > \\IP.address crashes explorer:

      Program Error
      explorer.exe has generated errors and will be closed by Windows.
      You will need to restart the program.
      An error log is being created.
      [Cancel]

    (then explorer re-starts automatically and the button changes to [OK]). I
    cannot see an EIP=41414141 (or 00410041) in file drwtsn32.log (in
    C:\Documents and Settings\All Users\Documents\Dr Watson), but maybe it is
    not telling the truth (or maybe I needed \\IP.address\sharename?).

    Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
    fixed in W2kSP4; or maybe that KB article refers to a different problem: it
    says the error should be "Access Violation", I got "Program Error".

    Cheers,

    Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
    School of Mathematics and Statistics University of Sydney 2006 Australia

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

