Morning Wood wrote in news:[EMAIL PROTECTED]
> Jan 4, 2006
> Donnie Werner
> http://exploitlabs.com
>
> Web Browser / Outlook Express - stupid url handler behavior
>
>
> I doubt this warrants a fix ( nor Advisory ) , but it is realy dumb,
> note the sidebar and titles in OE when testing.
Except of course that it gives you a way to exploit that recent
overly-long LIST response buffer overflow[*] by forcing a connection to your
evil nntp server.... muhahaahahaaaa!
cheers,
DaveK
[*] Looked it up now. It's MS05-030.
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
