> List: full-disclosure
> Subject: [Full-disclosure] NUL Character Evasion
> From: ju () heisec ! de
> Date: 2005-09-13 21:24:42
>
> The Problem:
> ------------
> Internet Explorer ignores NUL characters
> -- i.e. ascii characters with the value 0x00 -- most
> security software does not. This behaviour of IE
> does not depend on the charset in the Content-Type-Header.
[...]
> eTrust-VET HTML.MHTMLRedir!exploit
[...]
> --
> Juergen Schmidt editor in chief heise Security www.heisec.de
> Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625
Hannover
> Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail
[EMAIL PROTECTED]
> GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA
4970
Juergen,
Thank you for the report. Computer Associates is currently
investigating the issue (as it relates to CA products).
Regards,
kw
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
