Full Disclosure mailing list archives
RE: Internet Explorer URL parsing vulnerability
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 9 Dec 2003 23:51:25 -0000
Here's a fully functional self-explanatory demo: http://www.malware.com/hole-e-day.zip functional from these quarters on fully patched IE6 / OE6 No doubt many will receive nice holiday greetings soon enough END CALL The following works on Outlook Express 6 latest everything. Running on XP. http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html 09% pushes malware.com out of sight in the task bar, and %01 leaves microsoft.com intact in the address bar: <A href="http://www.microsoft.com%01%09%09%09%09%09%09% 09 () www malware com">religious software</A> Certainly will add a new flavour to the ever increasing methods of trickery. Now all we need to do is spoof the file download name on an *.exe and away we go. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: FWD: Internet Explorer URL parsing vulnerability, (continued)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Jeremiah Cornelius (Dec 09)
- FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- RE: RE: FWD: Internet Explorer URL parsing vulnerability Chris S (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Michal Zalewski (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Cedric Blancher (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)