[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability

To: "'Jouko Pynnonen'" <jouko@xxxxxx>, "'Robillard, Nicolas'" <nicolas.robillard@xxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
From: Jelmer <jkuperus@xxxxxxxxx>
Date: Fri, 06 Aug 2004 17:26:59 +0200


>I found this vulnerability (or class of them) in July 2003 and 
>described it on several security lists on March 9th, 2004. 

There's at least one instance of prior art that I aware of

http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00193.html

I think there have been more but I can't seem to find them

>For examples 
>(actual exploitable vulnerabilities), you can try Google search for 
>"argument injection vulnerability" or read my messages on this list 
>about Outlook mailto: URL vulnerability, Windows Help and Support 
>Center HCP: URL vulnerability, or Lotus Notes notes: URL vulnerability.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
  - From: Jouko Pynnonen

Prev by Date: Re: [Full-Disclosure] New Security web site: http://exploitwatch.org
Next by Date: Re: [Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss....
Previous by thread: [Full-Disclosure] Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
Next by thread: RE: [Full-Disclosure] Finally the truth slips out.*************OFF TOPIC***********************
Index(es):
- Date
- Thread