IE8 Save as Title Bug

Wednesday, September 16, 2009
IE8 is have a bug thats allow denial access to
function "save as" if a html document have a very
long title.

By default wen a user try to clik in "save as "
the browser use the html title as the file name to
save; but if this title is very long , explorer give
a error because it can´t save this file.

Explorer can´t save files with the title longer
than 261 characters , them explorer give a warning
with a error that the file can´t save.

I think that this not have any security implication,
and i send it to MSRC and they think the same.

MSRC Response:

"agree with your assessment that this does not appear to
be a security issue. It may be a bug though so I am going
to forward your information directly to the product team
for considerations in a future non-security update"


a simple PoC of this situation:

<HTML>
<TITLE>A*261 chars</TITLE>
<HTML>

###########End #################

thank to all Lostmon groups team
Thnx to estrella to be my ligth

atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Security Researcher Acknowledgments from Microsoft

Tuesday, September 01, 2009
Security Researcher Acknowledgments
for Microsoft Online Services

The Microsoft Security Response Center (MSRC) is pleased to recognize the security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities. Each name listed represents an individual or company who has responsibly disclosed one or more security vulnerabilities in our online services and worked with us to remediate the issue.
http://technet.microsoft.com/en-us/security/cc308575.aspx#0809

August 2009 Security Researchers


  • Lostmon Lords
    lostmon.blogspot.com

  • Knuchel Steven
    xylitol.free.fr

  • Nenad Vijatov
    blog.vijatov.com

--

thank to all Lostmon groups team
Thnx to estrella to be my ligth

atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Latest OSVDB Vulnerabilities

 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...