Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

To: bugtraq@xxxxxxxxxxxxxxxxx, Full-Disclosure@xxxxxxxxxxxxxxxxx, NTBugtraq@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
From: "HASEGAWA Yosuke " <yosuke.hasegawa@xxxxxxxxx>
Date: Fri, 27 Oct 2006 19:35:03 +0900
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=XMZkNCQ0IUajdXU8+1mvCcAAe21GDPDHUK9hWKXONTVbWqnw5/nePo7Ovvk5E3dynr1fxa5jeGLqIDfJxG6WKdH6SD7vF+I7aeTPIRz+rcwdYbvuJ8Av3h6pMuTxc/DOrbvVjdJYn5YqF0iFSeVsG793qi5+o67FB8dGmbQigzw=
In-reply-to: <87e395c80610261042n5f45d29ch2ea6f8fd1f3b0e62@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <87e395c80610261042n5f45d29ch2ea6f8fd1f3b0e62@xxxxxxxxxxxxxx>

Hi.

On 10/27/06, LIUDIEYU dot COM <liudieyu.com@xxxxxxxxx> wrote:

Upon IE7 release, Secunia published SA22477 titled `Internet Explorer
7 "mhtml:" Redirection Information Disclosure`.


It seems to be able to make redirecting with mhtml fail by returning
the response by 201 or 202.
There for, It is possible for this to prevent trying to steal the
contents of your server via mhtml redirection.

--
HASEGAWA Yosuke
   yosuke.hasegawa@xxxxxxxxx

References:
- IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
  - From: LIUDIEYU dot COM

Prev by Date: Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
Next by Date: SMF fgets off-by-one issue and filter size evasion
Previous by thread: Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
Next by thread: TSLSA-2006-0059 - postgresql
Index(es):
- Date
- Thread