[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Explorer URL parsing vulnerability

To: bugtraq@securityfocus.com
Subject: Re: Internet Explorer URL parsing vulnerability
From: "Eric \"MightyE\" Stevens" <trash@mightye.org>
Date: Tue, 09 Dec 2003 14:34:34 -0500

IE 6.0.2800.1106.xpsp2.030422-1633 with all the latest updates (SP1; Q822925; Q330994; Q828750; Q824145) is vulnerable. Works like a charm.

-Eric "MightyE" Stevens
http://lotgd.net

soulshok@hippie.dk wrote:

In-Reply-To: <20031209144416.31613.qmail@sf-www2-symnsj.securityfocus.com>

# Exploit ########## By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a 0x01 character after the "@" character. Internet Explorer doesn't display the rest of the URL making the page appear to be at a different domain.

...
# Tested ##########
Internet Explorer
Version 6.0.2800.1106C0
Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
Internet Explorer 5.00.3700.1000 (SP4, Q824145) doesn't seem to be vunlerable to this.

References:
- Re: Internet Explorer URL parsing vulnerability
  - From: <soulshok@hippie.dk>

Prev by Date: Dell BIOS DoS
Next by Date: Re: Hot fix for do_brk bug
Previous by thread: Re: Internet Explorer URL parsing vulnerability
Next by thread: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread