Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Browsers :: ie114~1.htm

MSIE 4.x crash with very simple link



Vulnerability

    IE

Affected

    IE 4.x

Description

    "No  Strezzz  Cazzz"  found  following.   It  is possible to crash
    Internet Explorer 4.x by simply feeding it this link:

        ftp://:

    All open Internet Explorer/Explorer windows will close down and it
    will  reset   your  "Active   Desktop".    Opening  ftp://:   from
    applications like RealPlayer or  Windows Media Player will  result
    in the DoS on them aswell.

    Our friend, Dr. Watson, had this to say:

        An appication error has occured and an application error log is being generated.

        explorer.exe [or Internet Explorer, depends on where you open it]
        Exception: access violation (0xc0000005), Address: 0x7020dd84

    And Event Viewer told us:

        The shell stopped unexpectedly and explorer.exe was restarted.

    A funny  side-effect is  that if  you minimize  your ICQ (probably
    works on some other applications  aswell) after the crash it  will
    completely dissapear  (hm, I  noticed this  with win2000  whenever
    explorer.exe goes down).  It's not on your screen anymore and  you
    won't find it iin Task Manager/Applications either, yet its  still
    active!  It showed up in  Task Manager/Processes.  You can get  it
    back by simply restarting ICQ,  you'll get a message that  "ICQ is
    already running" and then it'll show up again.

    You can trigger it remote by using the infamous ICQ  Greeting-card
    vulnerability.   Put the  following line  in the  body of your ICQ
    Greeting-card:

        <meta http-equiv="REFRESH" content="3; URL=ftp://:">

    This advisory is the result of the "[bug]: Cause IE 5.X to  crash"
    message by Elie Aka Lupin Bursztein:

        http://oliver.efri.hr/~crv/security/bugs/NT/ie113.html

Solution

    Upgrade to IE5.X or 6.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH