RE: Internet Explorer URL parsing vulnerability

To: "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Internet Explorer URL parsing vulnerability
From: "Mimmus" <dviggiani@xxxxxxxxxx>
Date: Thu, 11 Dec 2003 16:55:18 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Can any workaround be used at proxy level? 

I.e. can malicious URLs be blocked using Squid?



Thanks in advance

Domenico Viggiani



> -----Original Message-----

> From: bugtraq@xxxxxxxxxxxxxxxxx [mailto:bugtraq@xxxxxxxxxxxxxxxxx]

> Sent: Tuesday, December 09, 2003 3:44 PM

> Subject: Internet Explorer URL parsing vulnerability

> 

> Internet Explorer URL parsing vulnerability

> Vendor Notified 09 December, 2003

> 

> # Vulnerability ##########

> There is a flaw in the way that Internet Explorer displays 

> URLs in the address bar.

> 

> By opening a specially crafted URL an attacker can open a 

> page that appears to be from a different domain from the 

> current location.

Prev by Date: [RHSA-2003:390-01] Updated gnupg packages disable ElGamal keys
Next by Date: Re: A new TCP/IP blind data injection technique?
Previous by thread: RE: Internet Explorer URL parsing vulnerability
Next by thread: @Mail web interface multiple security vulnerabilities
Index(es):
- Date
- Thread