Full Disclosure mailing list archives

RE: Re: Internet Explorer URL parsing vulnerability


From: S G Masood <sgmasood () yahoo com>
Date: Thu, 11 Dec 2003 09:14:03 -0800 (PST)

Hello Paul,

I posted a reply to your message before but it didn't
appear on the list. There seems to be some problem
with the listserv. This is the second message that was
lost in the last 24 hours.

--- "Schmehl, Paul L" <pauls () utdallas edu> wrote:

> > Hey, to be very honest, if this was 0day and the spoof was
> > well constructed, even you and me would probably fall for it. ;D
>
> Really?  I kind of doubt it, since I would never click on a link in an
> email message that had anything to do with financial matters.  I doubt
> that you would either - 0day or not.


I was talking about a very general form of
exploitation, not specifically email links that lead
to a financial/banking spoof site. A whole range of
social engineering goals can be accomplished by using
this vuln., creatively in a subtle way. Subtlety is
the key here. Just think about all the possibilities!
:) 

Petard posted a funny example just now -
http://petard.freeshell.org/ms-announce.html

--
S.G.Masood
