Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available

From: Gregory A. Gilliss (ggilliss_at_netpublishing.com)
Date: 12/16/03

Next message: Daniel Sichel: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1331 - 20 msgs"

Previous message: misiu__at_gmx.de: "Re: [Full-Disclosure] Symantec Manhunt ?"
In reply to: Frank Hagenson: "[Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Next in thread: Exibar: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Reply: Exibar: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Reply: Ron DuFresne: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Tue, 16 Dec 2003 11:29:06 -0800

Well his post gives me some pause...since this is a "shareware" product
(the poster is out to make some $$$ for themselves) I wonder that it doesn't
count as a commercial solicitation. Besides that, AFAIK the URL filter
is not available in source code format (for peer review). IN short, I'd
say that this is about as far from "full disclosure" as you can get,
albeit that it does appear to address the vulnerability...

On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@hagenson.com) said:

> A fix for this vulnerability is available at my website:
> http://www.abracadabrasolutions.com/UrlFilter.htm
>
> Regards,
> Frank Hagenson.

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg@gilliss.com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Daniel Sichel: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1331 - 20 msgs"

Previous message: misiu__at_gmx.de: "Re: [Full-Disclosure] Symantec Manhunt ?"
In reply to: Frank Hagenson: "[Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Next in thread: Exibar: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Reply: Exibar: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Reply: Ron DuFresne: "Re: [Full-Disclosure] Internet Explorer URL parsing vulnerability - fix available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: MP needed for 24x36 print?
... > I don't see any references to larger prints. ... > 24x36 poster size print in regards to digital photo resolution and ...
(rec.photo.digital)
Re: Shareware without dedicated homepage
... Best Regards, ... Peter Van Hove ... > always see that if someone offers a shareware there is also a dedicated ... > "well done" internet page to satisfy your possible customers. ...
(comp.software.shareware.authors)
Re: Italian Mezzos
... If a poster asked, 'tell me about ... And his snide remarks about people in public life are ... Best regards ... Your "tribal voter" remark troubles me. ...
(rec.music.opera)
Re: Problem installing and running OpenOffice
... many thanks to Jeff and Dave and all other poster. ... Best regards ... Rainer ...
(comp.unix.solaris)
Re: BELI & ANNE PEDIGREE
... Beli, husband of Anne, and ... Does anyone know the poster? ... Is he serious or is he just having a laugh? ... Regards ...
(soc.genealogy.britain)