I saw a new IE exploit descibed as follows:
---------------------
http://www.secunia.com/advisories/10395/
Example displaying only "http://www.trusted_site.com" in the address bar
when the real domain is "malicious_site.com":
http://www.trusted_site.com%01@malicious_site.com/malicious.html
--------------------
I'm trying to use an acl to prevent access to such urls. I tried this:
acl ieflaw url_regex %01@
and
http_access deny ieflaw
but this doesn't seem to do anything at all
Can anyone help? This problem could be serious and who know when M$ will
get it patched.
DB
Received on Thu Dec 11 2003 - 08:07:37 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:10 MST