[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031216192906.GA19102@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: Internet Explorer URL parsing vulnerability - fix available
Well his post gives me some pause...since this is a "shareware" product
(the poster is out to make some $$$ for themselves) I wonder that it doesn't
count as a commercial solicitation. Besides that, AFAIK the URL filter
is not available in source code format (for peer review). IN short, I'd
say that this is about as far from "full disclosure" as you can get,
albeit that it does appear to address the vulnerability...
G
On or about 2003.12.16 16:31:54 +0000, Frank Hagenson (fulldisclosure@...enson.com) said:
> A fix for this vulnerability is available at my website:
> http://www.abracadabrasolutions.com/UrlFilter.htm
>
> Regards,
> Frank Hagenson.
--
Gregory A. Gilliss, CISSP E-mail: greg@...liss.com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists