Full Disclosure mailing list archives
Re: Homograph attack fools (older versions of) Internet Explorer too
From: Kevin Connolly <kmc () eircom net>
Date: Wed, 09 Feb 2005 14:29:16 +0100
Use of Unicode codes in the href fools older versions of IE when it parses the hostname part. Obviously this has been fixed in a previous patch (my bad for not checking with a fully patched machine first! ) NOT vulnerable IE 6.0.2800.1106.xpsp2.040919-1003C0 vulnerable IE 6.0.2800.1106.xpsp2.030422-1633 I may get around to writing up the details but it is not urgent now that I know that fully patched IE is not vulnerable to this. Kevin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Homograph attack fools Internet Explorer too Kevin Connolly (Feb 09)
- Re: Homograph attack fools (older versions of) Internet Explorer too Kevin Connolly (Feb 09)