I looked into the "buffer overflow": it's actually a stack overflow. This means Outlook Express just runs out of stack space and terminates. Nothing is overwritten, this is not exploitable to gain unauthorized access or elevate priviledges. Cheers, SkyLined > These are not IE vulnerabilities. > > In all, you have described several ways to do some basic ressource > exhaustion by using Internet Explorer as well as an abnomaly in the Apache > server and a possible exploitable buffer overflow in Outlook Express. The > latter is definitely interesting, provided it is exploitable at all, but the > first items are not security vulnerabilities - details below.
