This one's a doozy. By including a 0x01 character ("%01") in a URL in
IE, that character and the rest of the URL does _not_ display in the
address box.In IE: http://www.microsoft.com the same page in Mozilla: http://[EMAIL PROTECTED]/security/ex01/vun2.htm To test the exploit, compare IE and any other browser at the URL: http://www.zapthedingbat.com/security/ex01/vun1.htm -- John Hebert System Engineer I T Group, Inc. 225-922-4535
