Full Disclosure mailing list archives

Re: Internet Explorer URL parsing vulnerability - fix available


From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 16 Dec 2003 15:29:51 -0600 (CST)


I found nothing wrong with their posting, and certainly did not see them
trying to make more than a buck in all this either.  Source would be nice
for review, but, to complain about the posting being a "commercial
solicitation" is a tad far-fetched:

<paste>
Licensing

   URL Filter is free for home users, for a single PC.

   For business users, or home users with multiple PCs to protect, the
   cost is $US1 per PC, with a minimum purchase of $5.

   Try it / Buy it...
</paste>

Thanks,


Ron DuFresne

On Tue, 16 Dec 2003, Gregory A. Gilliss wrote:

Well his post gives me some pause...since this is a "shareware" product
(the poster is out to make some $$$ for themselves) I wonder that it doesn't
count as a commercial solicitation. Besides that, AFAIK the URL filter
is not available in source code format (for peer review). In short, I'd
say that this is about as far from "full disclosure" as you can get,
albeit that it does appear to address the vulnerability...

G

On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure () hagenson com) said:

A fix for this vulnerability is available at my website:
http://www.abracadabrasolutions.com/UrlFilter.htm

Regards,
Frank Hagenson.

--
Gregory A. Gilliss, CISSP                              E-mail: greg () gilliss com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
