lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: jkuperus at planet.nl (Jelmer)
Subject: Re: Microsoft Internet Explorer 6 Protocol
 Handler Vulnerability


>I found this vulnerability (or class of them) in July 2003 and 
>described it on several security lists on March 9th, 2004. 

There's at least one instance of prior art that I aware of

http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00193.html

I think there have been more but I can't seem to find them

>For examples 
>(actual exploitable vulnerabilities), you can try Google search for 
>"argument injection vulnerability" or read my messages on this list 
>about Outlook mailto: URL vulnerability, Windows Help and Support 
>Center HCP: URL vulnerability, or Lotus Notes notes: URL vulnerability.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ