Re: L0pht Advisory: IE4.0

David LeBlanc (dleblanc@MINDSPRING.COM)
Mon, 10 Nov 1997 22:54:55 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew McNaughton: "Re: CERT Advisory CA-97.25 - CGI_metachar"
Previous message: John Bashinski: "Cisco IOS password encryption facts"
Maybe in reply to: Petri Helenius: "L0pht Advisory: IE4.0"
Next in thread: rene@NS.VIA.NL: "Re: L0pht Advisory: IE4.0"

At 03:43 PM 11/10/97 -0500, DilDog wrote:
> Document: L0pht Security Advisory
> URL Origin: http://l0pht.com/advisories.html
> Release Date: November 1st, 1997
> Application: Microsoft Internet Explorer 4.0 Suite
> Severity: Viewing remote HTML content can execute arbitrary native
code
> Author: dildog@l0pht.com
> Operating Sys: Windows 95
>
>---------------------------------------------------------------------------

---

Hmmm - all it does on NT is:

Internet Explorer cannot open the Internet site

res://¸ÄAØ€-€€€€‹Ø3É€Áª Ù±_  €â ˆ CâöPj ºíÂX ê    R»·ò÷¿€ï
€ÿÓZZP3Û³ Sƒë SP»à€ù¿ÿÓƒì XP3Û³9S» Òç ë   SP»°Êù¿ÿÓƒÄ »Ï€ù¿ÿÓ»°¯
ø¿ÿÓÌÌ-------------C:\AUTOEXEC.BAT€ ECHO MICRO$OFT 0WNZ YOU... REPENT
AND BE SAVED! PAUSE €----------------AAAABBBBC  ¾¿DDDEDÁW/

The filename or extension is too long.

Of course, you did say it applied to Win95...

OTOH, I'm _really_ disappointed - I've been hearing that since I was
running IE 4.0 that I could be owned.  Thought for a minute or two that I
might need to start using netcat as my browser.




David LeBlanc           |Why would you want to have your desktop user,
dleblanc@mindspring.com |your mere mortals, messing around with a 32-bit
                        |minicomputer-class computing environment?
                        |Scott McNealy

Next message: Andrew McNaughton: "Re: CERT Advisory CA-97.25 - CGI_metachar"
Previous message: John Bashinski: "Cisco IOS password encryption facts"
Maybe in reply to: Petri Helenius: "L0pht Advisory: IE4.0"
Next in thread: rene@NS.VIA.NL: "Re: L0pht Advisory: IE4.0"