[32768] in bugtraq
RE: Internet Explorer URL parsing vulnerability
daemon@ATHENA.MIT.EDU (http-equiv@excite.com)
Wed Dec 10 13:07:56 2003
Message-Id: <200312092351.hB9NpPU2030743@web115.megawebservers.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 9 Dec 2003 23:51:25 -0000
From: "http-equiv@excite.com" <1@malware.com>
Cc: <full-disclosure@lists.netsys.com>
Reply-To: 1@malware.com
Here's a fully functional self-explanatory demo:
http://www.malware.com/hole-e-day.zip
functional from these quarters on fully patched IE6 / OE6
No doubt many will receive nice holiday greetings soon enough
END CALL
The following works on Outlook Express 6 latest everything. Running
on XP.
http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html
09% pushes malware.com out of sight in the task bar, and %01 leaves
microsoft.com intact in the address bar:
<A
href="http://www.microsoft.com%01%09%09%09%09%09%09%
09@www.malware.com">religious
software</A>
Certainly will add a new flavour to the ever increasing methods of
trickery. Now all we need to do is spoof the file download name on
an *.exe and away we go.
--
http://www.malware.com
