Full Disclosure mailing list archives
RE: Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
From: Jelmer <jkuperus () planet nl>
Date: Fri, 06 Aug 2004 17:26:59 +0200
I found this vulnerability (or class of them) in July 2003 and described it on several security lists on March 9th, 2004.
There's at least one instance of prior art that I aware of http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00193.html I think there have been more but I can't seem to find them
For examples (actual exploitable vulnerabilities), you can try Google search for "argument injection vulnerability" or read my messages on this list about Outlook mailto: URL vulnerability, Windows Help and Support Center HCP: URL vulnerability, or Lotus Notes notes: URL vulnerability.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Jouko Pynnonen (Aug 06)
- RE: Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Jelmer (Aug 06)