Internet Explorer URL parsing vulnerability

["John W. Noerenberg II" <jwn2@xxxxxxxxxxxx>]

This exploit also applies to the Macintosh version of Explorer v5.2.3(5815.1)

> From: <bugtraq@xxxxxxxxxxxxxxxxx>
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Internet Explorer URL parsing vulnerability
>
>
>
> Internet Explorer URL parsing vulnerability
> Vendor Notified 09 December, 2003
>
> # Vulnerability ##########
> There is a flaw in the way that Internet Explorer displays URLs in 
> the address bar.
>
> By opening a specially crafted URL an attacker can open a page that 
> appears to be from a different domain from the current location.
>
> # Exploit ##########
> By opening a window using the http://user@domain nomenclature an 
> attacker can hide the real location of the page by including a 0x01 
> character after the "@" character.
> Internet Explorer doesn't display the rest of the URL making the 
> page appear to be at a different domain.
>
> # POC ##########
> http://www.zapthedingbat.com/security/ex01/vun1.htm
>
> # Tested ##########
> Internet Explorer
> Version 6.0.2800.1106C0
> Updates: SP1, Q810847, Q810351, Q822925, Q330994, Q828750, Q824145
>
> # Credit ##########
> Zap The Dingbat
> http://www.zapthedingbat.com/

--

john noerenberg
  ----------------------------------------------------------------------
  According to a [1200-page!] study just released by researchers
   at Duke University, life is too hard.
  -- Ian Frazier, "Researchers Say", New Yorker, Dec 2002
  ----------------------------------------------------------------------