How IE handles URLs

From: Duane Maurer (duanerama_at_HOTMAIL.COM)
Date: 12/12/03

    Date:         Thu, 11 Dec 2003 22:23:20 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ: Feel free to rewrite this as much as you want...

    IE uses URL Monikers (a COM object used to parse a name of another object,
    kinda like a string pointer to another object) to parse out URLs by passing
    substrings to a few COM objects for each part, from the file urlmon.dll (Url
    Moniker), and the problem is probably with the BSTR-using (Unicode string
    with length not expecting NULLs) COM object not understanding the
    problem that the NULL causes for the null-terminated display code for the
    Address bar...

    One moniker (protocol moniker) will parse out the http:// and pass the rest
    of the string to another moniker (web server moniker since using http) that
    accepts the username:password@serverOrIP/ part of the url and creates a
    moniker (web server get request moniker or something, passed in the server
    name) to traverse the site asking for a page and such, returning COM objects
    for the objects on the page and such... etc...

    Anyway, urlmon.dll should be the only file changed... and everyone on this
    list needs to know that IE is very COM based and therefore everything is
    broken down into a number of little objects, each of which has to be perfect
    to prevent lame bugs like this one... Apparently they are not...

    Also, I think this should be critical, to get Microsoft to start patching
    again... Otherwise... How many issues will they be *sitting* on until
    January, that we may not even hear about, just to prevent breaking their
    proclamation of no patches...

    Thanks,
    Duane

    P.S. Some ppl have pointed this out, but for the record... This is not sent
    in packets anywhere... You cannot firewall or use UrlMon and such to help
    this... You would have to create a new COM Url Moniker without any details
    from MS as to what exactly it is supposed to do and such... Without reverse
    engineering due to DMCA... Good luck ;)


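Added example, not part of the original post and not Microsoft's code: a Python check for the mismatch the message describes, comparing the host a length-counted parser extracts from a URL with the text a NUL-terminated display routine would show. The function names and sample URLs are constructed for illustration; the parsing assumes an already-decoded URL and no IPv6 literal.

```python
from typing import NamedTuple

# Constructed samples (documentation host and TEST-NET address, not real targets).
SAMPLE_EMBEDDED_NUL = "http://www.example.com\x00@198.51.100.7/login"
SAMPLE_PLAIN = "http://user:pw@www.example.com:8080/index.html"


class UrlViews(NamedTuple):
    host: str         # host the length-counted parser would contact
    displayed: str    # text a NUL-terminated display routine would show
    shown_host: str   # host a reader would take from `displayed`
    suspicious: bool  # True when the two views disagree or controls are present


def _authority(url: str) -> str:
    """Strip 'scheme://' and return everything up to the first '/'."""
    _scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("expected scheme://authority/...")
    return rest.split("/", 1)[0]


def _host_of(url: str) -> str:
    """Drop any 'username:password@' prefix and any ':port' suffix."""
    hostport = _authority(url).rpartition("@")[2]
    return hostport.split(":", 1)[0].lower()


def compare_views(url: str) -> UrlViews:
    host = _host_of(url)
    # A NUL-terminated consumer stops at the first NUL character.
    displayed = url.split("\x00", 1)[0]
    shown_host = _host_of(displayed) if "://" in displayed else ""
    # Control characters have no place in an authority component.
    has_control = any(ord(c) < 0x20 or ord(c) == 0x7F for c in _authority(url))
    return UrlViews(host, displayed, shown_host, has_control or shown_host != host)


if __name__ == "__main__":
    for sample in (SAMPLE_EMBEDDED_NUL, SAMPLE_PLAIN):
        print(repr(sample), compare_views(sample))
```

A mail gateway or link-rewriting proxy can apply the same comparison before a URL is rendered and refuse any link where `suspicious` is true.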

