RE: Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability

[Jelmer <jkuperus () planet nl>]

> I found this vulnerability (or class of them) in July 2003 and 
> described it on several security lists on March 9th, 2004. 

There's at least one instance of prior art that I aware of

http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00193.html

I think there have been more but I can't seem to find them

> For examples 
> (actual exploitable vulnerabilities), you can try Google search for 
> "argument injection vulnerability" or read my messages on this list 
> about Outlook mailto: URL vulnerability, Windows Help and Support 
> Center HCP: URL vulnerability, or Lotus Notes notes: URL vulnerability.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html