IE URL vulnerability exploits have begun

James Gray james at
Mon Jan 12 01:54:40 GMT 2004

On Mon, 12 Jan 2004 10:39 am, Chris Yuzik wrote:

> If you haven't already done so, I strongly suggest everyone get medieval
> on this exploit and kill it before it arrives in your user's inboxes.
> This time it was Bank of America. Next it will be Visa, Mastercard,
> Amex, or who knows.
> I have the following rule in spam.assassin.prefs.conf:
> uri     IE_VULN         /https?:\/\/.*%([01][0-9a-f]|7f).*@/i
> score   IE_VULN         100.0
> describe        IE_VULN Internet Explorer vulnerability
> I can't help but ask myself why Microsoft refuses to fix this
> vulnerability. Mozilla doesn't suffer from it and Konqueror doesn't
> either (long live open source). It's not like it was just discovered
> yesterday. Does anyone have a good conspiracy theory?
> Cheers,
> Chris

McAfee Virus Scan picks up these IE exploits as "Exploit-URLSpoof trojan"
which is kinda neat.  If you are using NAI/McAfee command line scanner, you
need as a minimum:
DAT:    4311 (24-Dec-2004)
Engine: 4.2.40

Read about it here:

Fortune cookies says:
"If value corrupts then absolute value corrupts absolutely."

More information about the MailScanner mailing list