[32797] in bugtraq
RE: Internet Explorer URL parsing vulnerability
daemon@ATHENA.MIT.EDU (Mimmus)
Thu Dec 11 13:26:11 2003
Message-ID: <000501c3bfff$300d75a0$cf42e3c1@pitagora.it>
From: "Mimmus" <dviggiani@tiscali.it>
To: "bugtraq" <bugtraq@securityfocus.com>
Date: Thu, 11 Dec 2003 16:55:18 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Can any workaround be used at proxy level?
I.e. can malicious URLs be blocked using Squid?
Thanks in advance
Domenico Viggiani
> -----Original Message-----
> From: bugtraq@zapthedingbat.com [mailto:bugtraq@zapthedingbat.com]
> Sent: Tuesday, December 09, 2003 3:44 PM
> Subject: Internet Explorer URL parsing vulnerability
>
> Internet Explorer URL parsing vulnerability
> Vendor Notified 09 December, 2003
>
> # Vulnerability ##########
> There is a flaw in the way that Internet Explorer displays
> URLs in the address bar.
>
> By opening a specially crafted URL an attacker can open a
> page that appears to be from a different domain from the
> current location.
