Bugtraq mailing list archives

Re: Internet Explorer URL parsing vulnerability

From: Charles Richmond <cmr () iisc com>
Date: Wed, 10 Dec 2003 19:43:57 -0500

Using the POC at http://www.zapthedingbat.com/security/ex01/vun1.htm

The following do NOT have the vulnerability.

MacOSX 10.2.28  Mozilla Firebird 0.6            NOT vulnerability
MacOSX 10.2.28  Mozilla Firebird 0.7.1          NOT vulnerability
MacOSX 10.2.28  IE 5.2.2 (5010.1)                       NOT vulnerability
MacOSX 10.2.28  IE 5.2.3 (5815.1)                       NOT vulnerability

With both Firebird and IE the following is the same result. The
line below is a cut/paste.

http://www.microsoft.com%01 () zapthedingbat com/security/ex01/vun2.htm

Someone have a different test site?

Bugtraq seems to be holding my posts lately so if you don't see this
please relay it to the list.

On Wednesday, December 10, 2003, at 02:26 PM, Andreas Plesner Jacobsenwrote:

On Wed, Dec 10, 2003 at 12:13:57AM +0000, Pedro Castro wrote:

From: <bugtraq () zapthedingbat com>
To: bugtraq () securityfocus com
Subject: Internet Explorer URL parsing vulnerability

Internet Explorer URL parsing vulnerability
Vendor Notified 09 December, 2003

# Vulnerability ##########
There is a flaw in the way that Internet Explorer displays URLs in
the address bar.

By opening a specially crafted URL an attacker can open a page that
appears to be from a different domain from the current location.

This exploit also applies to the Macintosh version of Explorer
v5.2.3(5815.1)


It does also apply to Mozilla Firebird 0.7.


Not the Linux edition, perhaps only on Windows?

--
Andreas Plesner Jacobsen | Owe no man any thing...
                         |              -- Romans 13:8


   Charles Richmond    Implemented Integrated Systems Corporation
      cmr () iisc com   cmr () acm org   YIM:cmriisc   http://www.iisc.com
   O/S, I18N, Systems Development, Process and Integration Providers
            131 Bishop's Forest Drive , Waltham , Ma. USA 02452
      (781) 647 2246   FAX (781) 647 3665   Cellular (781) 389 9777

Current thread:

Internet Explorer URL parsing vulnerability bugtraq (Dec 09)
- Re: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 10)
- Re: Internet Explorer URL parsing vulnerability nesumin (Dec 23)
- <Possible follow-ups>
- Re: Internet Explorer URL parsing vulnerability soulshok (Dec 09)
  - Message not available
    - Re: Internet Explorer URL parsing vulnerability Eric "MightyE" Stevens (Dec 09)
- Internet Explorer URL parsing vulnerability John W. Noerenberg II (Dec 09)
  - Re: Internet Explorer URL parsing vulnerability Pedro Castro (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability William Stockall (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Andreas Plesner Jacobsen (Dec 10)
    - Re: Internet Explorer URL parsing vulnerability Charles Richmond (Dec 11)
    - Re: Internet Explorer URL parsing vulnerability Tiago Pierezan Camargo (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Lance James (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Mimmus (Dec 11)