Threat Level: green Handler on Duty: Chris Mohan

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

URL Update to Internet Explorer URL Handling Vulnerability

Published: 2007-10-26
Last Updated: 2007-10-26 13:56:46 UTC
by Johannes Ullrich (Version: 2)
0 comment(s)

Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.

Thanks to Chris and Gilbert to alert us of the update! Let us know if you see an exploit in the wild, or if you encounter any 3rd party applications which are not protecting Internet Explorer.

Update: unlike noted earlier, Microsoft is working on a patch for this problem. (thanks Nate for pointing this out)

Links:

www.microsoft.com/technet/security/advisory/943521.mspx

blogs.technet.com/msrc/archive/2007/10/25/ msrc-blog-october-25th-update-to-security-advisory-943521.aspx

 

Keywords:
0 comment(s)
Diary Archives