On Sat, 5 Jan 2002, zen-parse wrote: > Problem: URL handler allows embedded commands. > May allow email viruses of the Outlook kind. > http://address/'&/some/program${IFS}with${IFS}arguments&' Isn't that old news? http://www.securityfocus.com/bid/810 I *can* be wrong, but it looks like it is the same problem... -- _____________________________________________________ Michal Zalewski [lcamtufat_private] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/
This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 23:21:43 PST