On Sat, 5 Jan 2002, zen-parse wrote:

> Problem: URL handler allows embedded commands.
> May allow email viruses of the Outlook kind.

> http://address/'&/some/program${IFS}with${IFS}arguments&'

Isn't that old news?

http://www.securityfocus.com/bid/810

I *can* be wrong, but it looks like it is the same problem...

--
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/