lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 31 May 2005 09:43:46 +0200
From: "Hohn, Joerg" <Joerg.Hohn@...ystems.com>
To: 0-1-2-3@....de, bugtraq@...urityfocus.com
Subject: RE: Microsoft Internet Explorer - Crash on adding sites to restri
	cted zone (05/28/2005)


not true with IEX 5.50.4807.2300CO

--- 
j_h 

> -----Original Message-----
> From: Benjamin Tobias Franz [mailto:0-1-2-3@....de]
> Sent: Saturday, May 28, 2005 4:24 PM
> To: bugtraq@...urityfocus.com
> Subject: Microsoft Internet Explorer - Crash on adding sites to
> restricted zone (05/28/2005)
> 
> 
> Microsoft Internet Explorer - Crash on adding sites to restricted zone
> (05/28/2005)
> 
> Description:
> There is a bug in Microsoft Internet Explorer, which causes a crash in
> URLMON.DLL.
> - EventType : BEX - P1 : IEXPLORE.EXE - P2 : 6.0.2900.2180
> - P3 : 41107b81 - P4 : urlmon.dll - P5 : 6.0.2900.2627 - P6 : 422fff74
> - P7 : 0005bf61 - P8 : c0000409 - P9 : 00000000
> The bug occurs, because Microsoft Internet Explorer can't 
> handle adding of
> special-formed URLs to restricted zone. To get a crash, the 
> URL must begin
> with numbers and dots (like a correct IP address), but it 
> mustn't end like a
> IP address.
> 
> Affected software:
> Microsoft Internet Explorer
> 
> Workaround:
> Don't add such URLs to any zone.
> 
> Proof-of-Concept exploit:
> Add to restricted zone: 4.3.2.1btf-errorreporting.btf.de
> 
> Date of discovery:
> 20. April 2005
> 
> Tested software:
> Microsoft Internet Explorer 6 SP2 
> (6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
> on a fully patched Windows XP SP2 system.
> 
> DLL versions:
> MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
> 
> 
> Regards,
> 
> Benjamin Tobias Franz
> Germany
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ