[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

To: bugtraq@xxxxxxxxxxxxxxxxx, Full-Disclosure@xxxxxxxxxxxxxxxxx, NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
From: "HASEGAWA Yosuke " <yosuke.hasegawa@xxxxxxxxx>
Date: Fri, 27 Oct 2006 19:35:03 +0900

Hi.

On 10/27/06, LIUDIEYU dot COM <liudieyu.com@xxxxxxxxx> wrote:
> Upon IE7 release, Secunia published SA22477 titled `Internet Explorer
> 7 "mhtml:" Redirection Information Disclosure`.

It seems to be able to make redirecting with mhtml fail by returning
the response by 201 or 202.
There for, It is possible for this to prevent trying to steal the
contents of your server via mhtml redirection.

-- 
HASEGAWA Yosuke
    yosuke.hasegawa@xxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
  - From: LIUDIEYU dot COM

Prev by Date: Re: [Full-disclosure] Yahoo! Messenger Service 18 Remote Buffer Overflow Vulnerability
Next by Date: [Full-disclosure] MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues
Previous by thread: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
Next by thread: Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
Index(es):
- Date
- Thread