I saw a new IE exploit descibed as follows:
--------------------- http://www.secunia.com/advisories/10395/
Example displaying only "http://www.trusted_site.com"; in the address bar when the real domain is "malicious_site.com": http://[EMAIL PROTECTED]/malicious.html --------------------
I'm trying to use an acl to prevent access to such urls. I tried this:
acl ieflaw url_regex %01@
and
http_access deny ieflaw
but this doesn't seem to do anything at all
Can anyone help? This problem could be serious and who know when M$ will get it patched.
DB
