Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
- http://marc.info/?l=bugtraq&m=110796851002781&w=2
- http://www.kb.cert.org/vuls/id/580299
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014
No PoCs found on GitHub currently.