Isn't Konqueror a "free software"? So, where's the "attached patch"?
Also confirmed on IE6.0.2900.2180 (XPSP2). Spammers does not have to use images... In addition to the IMG tag, this also applies to: 1) SRC attribute of SCRIPT, XML, INPUT (only when type=image), IFRAME, FRAME, BGSOUND and EMBED tags. IFRAME and FRAME tags will show an error message. 2) HREF attribute of LINK tag, but only when the REL="stylesheet". 3) BACKGROUND attribute of TABLE, TH and TD tags, and with CSS - "background:url(ftp://...)." 4) DYNSRC attribute of IMG tag. -- Aviv Raff >From "Zen and the Art of Why Linux Sucks": "Ahh.. Can you feel the smell of the 'open source' zealots in the morning?". -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Gulliver Sent: Friday, December 24, 2004 4:25 PM To: [email protected] Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Internet Explorer FTP client can be used to send mail > Product: Microsoft Internet Explorer > Version: 6.0.2800.1106, 6.0.2900 > > Product: Microsoft Outlook Express > Version: 6 SP1 Win2K (reported by Brian Bruns) > > Description: > Internet Explorer can be tricked into sending mail through its FTP client without any more user interaction than loading a page. > > Details: > Internet Explorer will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail. > > Danger: > Spammers could host websites that contain images causing website visitors to spam more people. There are probably other protocols that the FTP client could be used to maliciously access. > > Example: > http://dsbl.org/testingground/IE-FTP-SMTP-link/ > > Fix: > Connections to port 25 should be blocked (ala lynx) and newline characters, post-decoding, shouldn't be accepted in places where they represent protocol delimiters. > > Vendor notification: > None; patch would be attached if this was free software. Emanuele Balla reports the Konqueror 3.2 is also vulnerable. -- Ian Gulliver Penguin Hosting "Failure is not an option; it comes bundled with your Microsoft products." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
