/. users need to keep their eyes open for patches!!
The patch was releasd some time back and/. did a story on it too.
OpenWares.org
Look for the IE patch. It was released Dec 2003
"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. "
Slashdot Mirror
I know MS has not released anything for this, but if someone else has use it. See the example which came on the site.
/. users need to keep their eyes open for patches!! The patch was releasd some time back and /. did a story on it too.
OpenWares.org
Look for the IE patch. It was released Dec 2003
"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL. "