Bugtraq mailing list archives

RE: Internet Explorer URL parsing vulnerability

From: "Mimmus" <dviggiani () tiscali it>
Date: Thu, 11 Dec 2003 16:55:18 +0100

Can any workaround be used at proxy level? 

I.e. can malicious URLs be blocked using Squid?



Thanks in advance

Domenico Viggiani

-----Original Message-----

From: bugtraq () zapthedingbat com [mailto:bugtraq () zapthedingbat com]

Sent: Tuesday, December 09, 2003 3:44 PM

Subject: Internet Explorer URL parsing vulnerability

Internet Explorer URL parsing vulnerability

Vendor Notified 09 December, 2003

# Vulnerability ##########

There is a flaw in the way that Internet Explorer displays

URLs in the address bar.

By opening a specially crafted URL an attacker can open a

page that appears to be from a different domain from the

current location.

Current thread:

Re: Internet Explorer URL parsing vulnerability, (continued)
- - - Message not available
    - Re: Internet Explorer URL parsing vulnerability Eric "MightyE" Stevens (Dec 09)
- Internet Explorer URL parsing vulnerability John W. Noerenberg II (Dec 09)
  - Re: Internet Explorer URL parsing vulnerability Pedro Castro (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability William Stockall (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Andreas Plesner Jacobsen (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Charles Richmond (Dec 11)
    - Re: Internet Explorer URL parsing vulnerability Tiago Pierezan Camargo (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Lance James (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Mimmus (Dec 11)