IE8 Save as Title Bug


Lostmon lords

Sep 16, 2009, 10:42:21 AM
to los...@googlegroups.com, moder...@osvdb.org, bu...@securitytracker.com, vu...@securityfocus.com, vu...@secunia.com, vu...@k-otik.com, submi...@packetstormsecurity.org, ne...@securiteam.com, xfo...@iss.net, ale...@zataz.net, Vu...@frsirt.com, da...@systemsecure.org
IE8 has a bug that allows denial of access to the
"save as" function if an HTML document has a very
long title.

By default, when a user tries to click on "save as",
the browser uses the HTML title as the file name to
save; but if this title is very long, Explorer gives
an error because it can't save this file.

Explorer can't save files with a title longer
than 261 characters; then Explorer gives a warning
with an error that the file can't be saved.

I think that this does not have any security implication,
and I sent it to MSRC and they think the same.

MSRC Response:

"agree with your assessment that this does not appear to
be a security issue. It may be a bug though so I am going
to forward your information directly to the product team
for considerations in a future non-security update"


A simple PoC of this situation:

<HTML>
<TITLE>A*261 chars</TITLE>
</HTML>

###########End #################

Thanks to all the Lostmon groups team
Thanks to estrella for being my light
--
Sincerely:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
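
The failure described in the post, seen from the side of code that turns a page title into a "save as" file name. This is an added example, not code from the original post or from Microsoft. It assumes the classic Windows path limit of 260 characters (`MAX_PATH`, not stated in the post); the function names and the sample directory are hypothetical.

```javascript
// Added example: derive a "save as" file name from an HTML <title> so the
// full path stays within a length limit instead of failing on long titles.
// Assumption: MAX_PATH = 260 (classic Windows limit, terminating NUL included).
const MAX_PATH = 260;

// Extract the text of the first <title> element (simple regex, enough here).
function extractTitle(html) {
  const m = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1].trim() : "";
}

// Build a file name that fits under `dir` once the separator, the extension
// and the terminating NUL are counted. Returns null if `dir` leaves no room.
function saveAsName(title, dir, ext = ".htm") {
  // Replace characters Windows rejects in file names, and control characters.
  let base = title.replace(/[<>:"\/\\|?*\x00-\x1f]/g, "_");
  // Windows also rejects names that end in a dot or a space.
  base = base.replace(/[. ]+$/, "");
  if (base === "") base = "untitled";

  const room = MAX_PATH - 1 - dir.length - 1 - ext.length; // NUL, separator
  if (room < 1) return null;

  if (base.length > room) {
    base = base.slice(0, room);
    // Do not leave half of a surrogate pair at the cut.
    if (/[\uD800-\uDBFF]$/.test(base)) base = base.slice(0, -1);
    base = base.replace(/[. ]+$/, "");
    if (base === "") base = "_";
  }
  return base + ext;
}

// Constructed sample input: the PoC page from the post, title of 261 "A"s.
const pocHtml = "<HTML><TITLE>" + "A".repeat(261) + "</TITLE></HTML>";
const sampleDir = "C:\\Users\\demo\\Documents"; // constructed directory

function demo() {
  const name = saveAsName(extractTitle(pocHtml), sampleDir);
  return { nameLength: name.length, pathLength: (sampleDir + "\\" + name).length };
}
console.log(demo());
```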
