I looked into the "buffer overflow": it's actually a stack overflow. This means Outlook Express just runs out of stack space and terminates. Nothing is overwritten, this is not exploitable to gain unauthorized access or elevate priviledges.
Cheers, SkyLined > These are not IE vulnerabilities. > > In all, you have described several ways to do some basic ressource > exhaustion by using Internet Explorer as well as an abnomaly in the Apache > server and a possible exploitable buffer overflow in Outlook Express. The > latter is definitely interesting, provided it is exploitable at all, but the > first items are not security vulnerabilities - details below. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
