long url overflow in IE6 public preview on WinME

From: Joseph Mallett (jmallett@NewGold.NET)
Date: 08/14/01


Date: Tue, 14 Aug 2001 00:57:27 +0000
From: Joseph Mallett <jmallett@NewGold.NET>
To: bugtraq@securityfocus.com
Subject: long url overflow in IE6 public preview on WinME
Message-ID: <20010814005727.A84372@NewGold.NET>

Requesting the url:
http://srcsys.org//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

either by entering it into the address bar or redirection to it (via a
CGI) causes IE6 public preview [on a winme machine with all windowsupdates
installed as of yesterday] to crash with an "abnormal program exit".

I don't have a good enough knowledge to track down this overflow, etc.,
but I have emailed Microsoft with this information, and thought I would
mention it here, if it might help speed up the process of finding the bug,
finding out if it is a possible threat, etc.

Thanks,
/joseph

--
Joseph A. Mallett
http://srcsys.org

xMach Core Team, www.xMach.org



Relevant Pages