Full Disclosure mailing list archives
Re: NUL Character Evasion
From: "Williams, James K" <James.Williams () ca com>
Date: Thu, 15 Sep 2005 01:37:43 -0400
List: full-disclosure
Subject: [Full-disclosure] NUL Character Evasion
From: ju () heisec ! de
Date: 2005-09-13 21:24:42

The Problem:
------------
Internet Explorer ignores NUL characters -- i.e. ascii characters with the value 0x00 -- most security software does not. This behaviour of IE does not depend on the charset in the Content-Type-Header.
[...]
eTrust-VET HTML.MHTMLRedir!exploit
[...]
--
Juergen Schmidt editor in chief heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju () heisec de
GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970

Juergen,

Thank you for the report. Computer Associates is currently investigating the issue (as it relates to CA products).

Regards,
kw

Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
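Added example, not part of the original posts or of any vendor's code: a content scanner can close the gap described in the quoted report by matching signatures on the body both as received and with 0x00 bytes removed, and by flagging stray NULs that do not look like UTF-16. The signatures, verdict strings and sample bodies are constructed for illustration.

```python
import re

# Constructed stand-ins for real scanner signatures (assumption, not from the thread).
SIGNATURES = [re.compile(rb"<script", re.I), re.compile(rb"<object", re.I)]
UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")


def naive_scan(body: bytes) -> bool:
    """Match on the raw bytes, as a scanner that does not ignore NULs would."""
    return any(sig.search(body) for sig in SIGNATURES)


def normalized_scan(body: bytes) -> bool:
    """Drop 0x00 bytes first, mirroring how the report says IE reads the page."""
    return naive_scan(body.replace(b"\x00", b""))


def looks_like_utf16(body: bytes) -> bool:
    """Heuristic: a BOM, or NULs on (almost) exactly every other byte."""
    if body.startswith(UTF16_BOMS):
        return True
    head = body[:512]
    half = len(head) // 2
    if half < 2:
        return False
    even = head[0:2 * half:2].count(0)
    odd = head[1:2 * half:2].count(0)
    return max(even, odd) >= 0.9 * half and min(even, odd) <= 0.1 * half


def inspect(body: bytes) -> str:
    """Return a verdict string (names are hypothetical, chosen for this example)."""
    if naive_scan(body):
        return "match"
    if b"\x00" not in body:
        return "clean"
    if normalized_scan(body):
        return "match-after-nul-strip"  # signature only visible once NULs are ignored
    return "clean" if looks_like_utf16(body) else "nul-anomaly"


if __name__ == "__main__":
    # Constructed sample bodies.
    samples = {
        "plain": b"<html><script>x()</script></html>",
        "nul-split": b"<html><s\x00cr\x00ipt>x()</s\x00cript></html>",
        "utf16-text": "<html><p>hello</p></html>".encode("utf-16-le"),
        "stray-nul": b"<html>he\x00llo</html>",
    }
    for name, body in samples.items():
        print(f"{name:12} raw={naive_scan(body)!s:5} verdict={inspect(body)}")
```
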