Bugtraq: RE: Internet Explorer URL parsing vulnerability

Nmap Security Scanner

Intro

Docs
Security Lists

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Internet Explorer URL parsing vulnerability

From: "Mimmus" <dviggiani () tiscali it>
Date: Thu, 11 Dec 2003 16:55:18 +0100

Can any workaround be used at proxy level? 

I.e. can malicious URLs be blocked using Squid?



Thanks in advance

Domenico Viggiani

-----Original Message-----

From: bugtraq () zapthedingbat com [mailto:bugtraq () zapthedingbat com]

Sent: Tuesday, December 09, 2003 3:44 PM

Subject: Internet Explorer URL parsing vulnerability

Internet Explorer URL parsing vulnerability

Vendor Notified 09 December, 2003

# Vulnerability ##########

There is a flaw in the way that Internet Explorer displays

URLs in the address bar.

By opening a specially crafted URL an attacker can open a

page that appears to be from a different domain from the

current location.

Current thread:

Re: Internet Explorer URL parsing vulnerability, (continued)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Lance James (Dec 10)
- RE: Internet Explorer URL parsing vulnerability Mimmus (Dec 11)