[14318] in bugtraq
For those who installed Decon fix for con/con vulnerability
daemon@ATHENA.MIT.EDU (Tima)
Fri Mar 17 00:27:56 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <0797.000316@au.ru>
Date: Thu, 16 Mar 2000 19:08:21 +0300
Reply-To: Speedo <Tima@au.ru>
From: Tima <Tima@AU.RU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
If you had con problem and installed Decon fix, you are now vulnerable
to another win 95(possibly)/98(tested) crash which is worse than the previous.
Software affected : All versions of Microsoft Internet Explorer (It
doesn't work in Netscape Navigator)
Actual problem :
Type existing server in address box, and then request for nonexistent file
with name >300 symbols. After server sends reply to the browser
your system stops responding at all, Control+Alt+Del work but you
won't see the box with tasks running so only thing you can do is
REBOOT.
Somebody can deface some good website and create a redirect
with 0 seconds waiting to such link.
Example : http://www.amsouth.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.html
Fix : Delete Decon fix from startup folder :) Now you are vulnerable
to con/con.
Hello to Cre@tor
Speedo mailto:Tima@au.ru
