[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Homograph attack fools (older versions of) Internet Explorer too



Use of Unicode codes in the href fools older versions of IE when it parses
the hostname part.

Obviously this has been fixed in a previous patch (my bad for not checking with
a fully patched machine first! )

NOT vulnerable  IE 6.0.2800.1106.xpsp2.040919-1003C0
vulnerable      IE 6.0.2800.1106.xpsp2.030422-1633

I may get around to writing up the details but it is not urgent now that
I know that fully patched IE is not vulnerable to this.

Kevin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html