Vulnerability Development mailing list archives

Re: IIS and unicode

From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 26 Oct 2000 00:49:17 +0200

Well, I'm only remotely familiar with unicode, but...

unicode is the same standard all over the world (only some terminals can't
display certain characters), and english systems supports unicode as well
today. Running english versions probably won't help one bit. In windows,
unicode is becoming a deeply built-in standard, supported by most APIs.

Ps. unicode = 2 byte character is only true for raw unicode. As an
example, the UTF-8 standard is based around 7/8bit ascii but with unicode
extesions. Any ASCII file is a UTF-8 file, but not vice-versa.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

On Tue, 24 Oct 2000, aliver vilereal wrote:

ok,
is it true that the unicode exploit only works under foreign machines
that use 2-byte characters?  if so, how can i check (in a http response)
if this is a vulnerable system.  i have heard that english systems are
also vulnerable, but require a differnt string to be passed to them, is
this true?

thank you for your help

aliver vilereal
ubermother

Current thread:

IIS and unicode aliver vilereal (Oct 26)
- Re: IIS and unicode Robert A. Seace (Oct 26)
- Re: IIS and unicode Bluefish (P.Magnusson) (Oct 26)
- <Possible follow-ups>
- Re: IIS and unicode Ryan Yagatich (Oct 27)