[Full-Disclosure] Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
Jelmer
jkuperus at planet.nl
Fri Aug 6 16:26:59 BST 2004
>I found this vulnerability (or class of them) in July 2003 and
>described it on several security lists on March 9th, 2004.
There's at least one instance of prior art that I aware of
http://cert.uni-stuttgart.de/archive/bugtraq/2001/03/msg00193.html
I think there have been more but I can't seem to find them
>For examples
>(actual exploitable vulnerabilities), you can try Google search for
>"argument injection vulnerability" or read my messages on this list
>about Outlook mailto: URL vulnerability, Windows Help and Support
>Center HCP: URL vulnerability, or Lotus Notes notes: URL vulnerability.
Full-Disclosure is hosted and sponsored by Secunia.