[Full-Disclosure] Re: Homograph attack fools (older versions of) Internet Explorer too

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: Homograph attack fools (older versions of) Internet Explorer too
From: Kevin Connolly <kmc@xxxxxxxxxx>
Date: Wed, 09 Feb 2005 14:29:16 +0100

Use of Unicode codes in the href fools older versions of IE when it parses
the hostname part.

Obviously this has been fixed in a previous patch (my bad for not checking with
a fully patched machine first! )

NOT vulnerable  IE 6.0.2800.1106.xpsp2.040919-1003C0
vulnerable      IE 6.0.2800.1106.xpsp2.030422-1633

I may get around to writing up the details but it is not urgent now that
I know that fully patched IE is not vulnerable to this.

Kevin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Homograph attack fools Internet Explorer too
  - From: Kevin Connolly