SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Browser)  >  Microsoft Internet Explorer (IE) Vendors:  Microsoft
Microsoft Internet Explorer Lets Remote Users Spoof the Status Bar Address with a Table Within a Link
SecurityTracker Alert ID:  1011987
SecurityTracker URL:  http://securitytracker.com/id?1011987
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Oct 31 2004
Original Entry Date:  Oct 29 2004
Impact:  Modification of system information
Exploit Included:  Yes  
Version(s): 6.0 (6.0.2800.1106)
Description:  A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can spoof URL addresses in the status bar.

Benjamin Tobias Franz reported that a remote user can create HTML with a link that will show an arbitrary URL in the status window when the target user places the mouse over the link.

Some demonstration exploit code is provided.

<a href="http://www.microsoft.com/"><table><tr><td><a
href="http: //www.google.com/">Click here</td></tr></table></a>

Version 6.0.2800.1106 is affected. Microsoft Outlook Express is also affected.

Thor Larholm of PivX Solutions reports that this is not a vulnerability, as the ability to modify the status bar is a design feature of many browsers. The modification can be implemented via the 'window.status' property.

[Editor's note: We could not reproduce this on version 6.0.2900.2180 (XP SP2 fully patched).]
Impact:  A remote user can create HTML that will spoof URL addresses in the status bar when the target user places the mouse over the spoofed link.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  <0-1-2-3@gmx.de>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 2 2004 (Apple Safari is Affected) Microsoft Internet Explorer Lets Remote Users Spoof the Status Bar Address with a Table Within a Link   (Gilbert Verdian <gverdian@neoresearch.org>)
Apple's Safari web browser is also affected by this type of vulnerability.


 Source Message Contents
Date:  Thu, 28 Oct 2004 23:38:16 +0200
From:  <0-1-2-3@gmx.de>
Subject:  New URL spoofing bug in Microsoft Internet Explorer

 

New URL spoofing bug in Microsoft Internet Explorer

There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched),
which allowes to show any faked target-address in the status bar of the
window.

The example below will display a faked URL ("http://www.microsoft.com/") in
the status bar of the window, if you move your mouse over the link. Click
on the link and IE will go to "http://www.google.com/" and NOT to
"http://www.microsoft.com/" .

<a href="http://www.microsoft.com/"><table><tr><td><a
href="http://www.google.com/">Click here</td></tr></table></a>

Description: Microsoft Internet Explorer can't handle links surrounded by a
table and an other link correct.

The bug can be exploited using HTML mail message too.

Affected software: Microsoft Internet Explorer, Microsoft Outlook Express,
...

Workaround: Don't click on non-trusted links. Or right-click on links to
see the real target. Or use Copy-and-Paste.


Regards,
Benjamin Tobias Franz
Germany


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC