Bugtraq mailing list archives
RE: Internet Explorer URL parsing vulnerability
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 9 Dec 2003 22:52:06 -0000
The following works on Outlook Express 6 latest everything. Running on XP. http://cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00249.html 09% pushes malware.com out of sight in the task bar, and %01 leaves microsoft.com intact in the address bar: <A href="http://www.microsoft.com%01%09%09%09%09%09%09% 09 () www malware com">religious software</A> Certainly will add a new flavour to the ever increasing methods of trickery. Now all we need to do is spoof the file download name on an *.exe and away we go. -- http://www.malware.com
Current thread:
- Re: Internet Explorer URL parsing vulnerability, (continued)
- Re: Internet Explorer URL parsing vulnerability nesumin (Dec 23)
- Re: Internet Explorer URL parsing vulnerability soulshok (Dec 09)
- Message not available
- Re: Internet Explorer URL parsing vulnerability Eric "MightyE" Stevens (Dec 09)
- Message not available
- Internet Explorer URL parsing vulnerability John W. Noerenberg II (Dec 09)
- Re: Internet Explorer URL parsing vulnerability Pedro Castro (Dec 10)
- Re: Internet Explorer URL parsing vulnerability William Stockall (Dec 10)
- Re: Internet Explorer URL parsing vulnerability Andreas Plesner Jacobsen (Dec 10)
- Re: Internet Explorer URL parsing vulnerability Charles Richmond (Dec 11)
- Re: Internet Explorer URL parsing vulnerability Tiago Pierezan Camargo (Dec 10)
- Re: Internet Explorer URL parsing vulnerability Pedro Castro (Dec 10)