Full Disclosure mailing list archives
Re: OE - news:// stupid url handler behavior
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 5 Jan 2006 14:22:26 -0000
Morning Wood wrote in news:BAY19-DAV2B7681DF5B766A5D8D2F9D92E0 () phx gbl
Jan 4, 2006 Donnie Werner http://exploitlabs.com Web Browser / Outlook Express - stupid url handler behavior I doubt this warrants a fix ( nor Advisory ) , but it is realy dumb, note the sidebar and titles in OE when testing.
Except of course that it gives you a way to exploit that recent overly-long LIST response buffer overflow[*] by forcing a connection to your evil nntp server.... muhahaahahaaaa! cheers, DaveK [*] Looked it up now. It's MS05-030. -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OE - news:// stupid url handler behavior Morning Wood (Jan 05)
- Re: OE - news:// stupid url handler behavior Dave Korn (Jan 05)
- <Possible follow-ups>
- Re: OE - news:// stupid url handler behavior J4y D33 (Jan 05)