Internet Explorer URL Display problem

Julian Field mailscanner at
Wed Dec 10 20:27:52 GMT 2003

At 20:05 10/12/2003, you wrote:
>Antony Stone wrote:
>>On Wednesday 10 December 2003 7:46 pm, Daniel Bird wrote:
>>>Off the top of my head, could you not do a simple SA rule like so:
>>>describe IE_VULN Body of email contains %01@ in a url
>>>uri IE_VULN / %01@/
>>>score IE_VULN 10.0
>>>Which would look for that pattern in a url.
>>The above isn't specific to finding the pattern in a URL - although
>>admittedly I can't think of a valid reason why you'd expect to see a %01
>>anywhere, URL or not.
>>Note by the way that the original notification referred to the %01 being
>>*after* the @ sign, not before it (before too many people go off and concoct
>>various pattern matches for the wrong pattern!)
>Indeed, that's what I thought. But looking at the html source of the
>proof of concept, the following is used:
>style="font: 8pt verdana, sans-serif;">
>            Test Exploit
>        </button>
>Obviously the pattern could be extended to look for a-z,0-9 etc after the @


uri IE_VULN /%01.*@/
score IE_VULN 10.0
describe IE_VULN Internet Explorer vulnerability

Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
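
How the two rules from this thread behave next to a check confined to the part of the URI before the @ in the authority, as an added example (not code from this message, MailScanner or SpamAssassin). The sample URIs are constructed, and flagging every control character %00-%1F rather than only %01 is an assumption that goes beyond the case discussed.

```python
import re

# The two patterns proposed in the thread, applied to one extracted URI each.
RULE_EXACT = re.compile(r"%01@")     # %01 immediately before the @
RULE_LOOSE = re.compile(r"%01.*@")   # %01 anywhere before some later @

# Assumption: any control character in userinfo is suspicious, whether
# percent-encoded (%00-%1F) or present as a raw byte.
CONTROL = re.compile(r"%[01][0-9a-fA-F]|[\x00-\x1f]")


def userinfo(uri):
    """Return the text before the last '@' of the authority, or '' if none."""
    _scheme, sep, rest = uri.partition("://")
    if not sep:
        return ""
    # The authority ends at the first '/', '?' or '#'.
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    user, at, _host = authority.rpartition("@")
    return user if at else ""


def check(uri):
    """Return (exact rule hit, loose rule hit, control char in userinfo)."""
    return (
        bool(RULE_EXACT.search(uri)),
        bool(RULE_LOOSE.search(uri)),
        bool(CONTROL.search(userinfo(uri))),
    )


# Constructed sample URIs (not taken from the proof of concept).
SAMPLES = [
    "http://www.trusted.example%01@other.example/login",     # %01 right before @
    "http://www.trusted.example%01abc@other.example/",       # text between %01 and @
    "http://shop.example/item%01?contact=a@b.example",       # %01 in path, @ in query
    "http://user@host.example/",                             # ordinary userinfo
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(check(uri), uri)
```

The third sample shows where the looser pattern fires on a URI whose authority has no userinfo at all, and the second shows what the exact pattern misses.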