Open Source and information security mailing list archives
 
Date: Thu Sep 15 06:38:28 2005
From: James.Williams at ca.com (Williams, James K)
Subject: NUL Character Evasion


> List:       full-disclosure
> Subject:    [Full-disclosure] NUL Character Evasion
> From:       ju () heisec ! de
> Date:       2005-09-13 21:24:42
>
> The Problem:
> ------------
> Internet Explorer ignores NUL characters
> -- i.e. ascii characters with the value 0x00 -- most
> security software does not. This behaviour of IE
> does not depend on the charset in the Content-Type-Header.

[...]

> eTrust-VET	HTML.MHTMLRedir!exploit

[...]

> -- 
> Juergen Schmidt   editor in chief    heise Security     www.heisec.de
> Heise Zeitschriften Verlag,    Helstorferstr. 7,       D-30625 Hannover
> Tel. +49 511 5352 300      FAX +49 511 5352 417       EMail ju@...sec.de
> GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970
  

Juergen,

Thank you for the report.  Computer Associates is currently 
investigating the issue (as it relates to CA products).

Regards,
kw
                                                         
Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985
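
The parsing gap described in the quoted report, as an added example that is not part of either message and is not any vendor's code: a content scanner matches its signatures on the raw bytes and again on a NUL-stripped view, and reports signatures that only appear once NULs are ignored. The signature names, patterns and sample inputs are constructed for illustration.

```python
import re

# Constructed signature set for illustration; not taken from any real product.
SIGNATURES = {
    "demo.script-tag": re.compile(rb"<script", re.IGNORECASE),
    "demo.iframe-tag": re.compile(rb"<iframe", re.IGNORECASE),
}


def strip_nul(body: bytes) -> bytes:
    """Return the body as a renderer that ignores 0x00 bytes would see it."""
    return body.replace(b"\x00", b"")


def scan(body: bytes) -> dict:
    """Match signatures on the raw bytes and on the NUL-stripped view."""
    normalized = strip_nul(body)
    raw_hits = {n for n, rx in SIGNATURES.items() if rx.search(body)}
    norm_hits = {n for n, rx in SIGNATURES.items() if rx.search(normalized)}
    return {
        "nul_count": len(body) - len(normalized),
        "hits": sorted(raw_hits | norm_hits),
        # Signatures visible only after normalization: the scanner's raw view
        # and the browser's view of this content disagree.
        "hidden_by_nul": sorted(norm_hits - raw_hits),
    }


# Constructed sample inputs.
PLAIN = b"<html><SCRIPT>alert(1)</SCRIPT></html>"
WITH_NUL = b"<html><SC\x00RIPT>alert(1)</SC\x00RIPT></html>"
BENIGN = b"<html><p>hello</p></html>"

if __name__ == "__main__":
    for name, sample in [("plain", PLAIN), ("with_nul", WITH_NUL), ("benign", BENIGN)]:
        print(name, scan(sample))
```

UTF-16 encoded pages contain 0x00 bytes legitimately, so `nul_count` on its own is not an indicator; the useful signal is a non-empty `hidden_by_nul`.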
