RE: Kerio Personal Firewall 4 and IE 6 "Bug"

Noah Dunker <ndunker@jccc.net> · Wed, 7 Apr 2004 11:18:59 -0500

Tested the IE iframe "bug" on Windows 2000 with the following IE Versions:

Standard install of IE off my Windows 2000 CD (installed on one machine
earlier this week, no updates):
5.00.3700.1000 128bit 
SP4

After running Windows Update on another almost identical machine (last
update was on Monday):
6.0.2800.1106 128bit
SP1

Neither one crashed.  IE on both machines brought up a scrolling IFRAME with
no content.  What version number of IE6 are you running?

Cheers
Noah Dunker
Systems Analyst
Johnson County Community College

-----Original Message-----
From: E.Kellinis [mailto:me@cipher.org.uk] 
Sent: Tuesday, April 06, 2004 6:37 PM
To: bugtraq@securityfocus.com
Subject: Kerio Personal Firewall 4 and IE 6 "Bug"

- ----------------
Kerio Personal Firewall 4
- ----------------

+Web Filtering enabled problem
If a URL contains  (%13%12%13) Kerio Firewall Crashes

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=&btnG=Google
+Search

also it can be passed to a browser via IFRAME tag and crash Kerio
without user's acceptance
(many ways to do that with redirection)

To avoid this problem you shoud disable Web Filtering
######################################################################
- -------------
Internet Explorer 6
- -------------

if you create a web page and you add an IFRAME which points to --> ?
IE 6.0 Crashes.

<iframe src="?">
######################################################################

NOTE : Not sure if these are actual bugs or are only in my system.

thx
Manos

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================