All Things Microsoft > Microsoft as a Company

New embarrasing bug discovered in IE

(1/2) > >>

Xeen:
A new flaw has been found in Microshit's Internet Explorer.

Generally, spoofers lure customers to bogus e-commerce Web sites with the hope of capturing personal information, such as Social Security (news - web sites) and credit-card numbers. A consumer entering www.amazon.com would be redirected to the fake Web site, but "www.amazon.com" would appear in the address bar.

 
quote: The vulnerability is caused by an input validation error, "which can be exploited by including the '%01' URL encoded representation after the username and right before the '@' character in an URL" Secunia explains in its advisory.  
--- End quote ---


Looks like Microsoft just cant write software. Period.

http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=5&u=/nf/20031211/tc_nf/22845&sid=95573505

WMD:
Another one?  Jesus.

It doesn't end, does it?

Enmity:
Looks like Mozilla ain't immune
http://www.mozillazine.org/talkback.html?article=4078

Zombie9920:
Ha

Refalm:
Oh... that's too easy  

It isn't a flaw anyways, and it's not even Internet Explorer or Mozilla's fault.

Example:

http://www.cnn.com%[email protected]:81/dnserror.html

[ December 12, 2003: Message edited by: Refalm ]

Navigation

[0] Message Index

[#] Next page

Go to full version