SecurityTracker.com
Category:   Application (Web Browser)  >   Microsoft Internet Explorer
Vendors:   Microsoft
Microsoft Internet Explorer Unregistered Protocol State Error Lets Remote Users Spoof Location Bar
SecurityTracker Alert ID:  1010957
SecurityTracker URL:  http://securitytracker.com/id/1010957
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 16 2004
Impact:   Modification of system information
Exploit Included:  Yes  
Version(s): 6
Description:   A vulnerability was reported in Microsoft Internet Explorer in the display of the location field. A remote user may be able to spoof a web site.

Liu Die Yu reported that a remote user can create HTML that, when loaded by the target user, will display HTML from an arbitrary web site but display a different arbitrary URL in the location bar.

This is achieved using JavaScript that opens an unregistered protocol URL, opens the target web site, reloads the unregistered protocol URL several times, and then loads an arbitrary page that contains a 'history.back()' scripting statement. The content at the arbitrary URL will be loaded in the window that contained the target web site content, but the location bar will still retain the URL for the target web site.

The vendor has reportedly been notified without response.

A demonstration exploit is available at:

http://umbrella.name/originalvuln/msie/NullyFake/test.htm

Impact:   A remote user can load arbitrary content in a window with a spoofed location bar URL.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  NullyFake - Site Spoofing in MSIE


SUBJ: NullyFake - Site Spoofing in MSIE 
FROM: Liu Die Yu <liudieyu AT umbrella D0T name>

[demo]
http://umbrella.name/originalvuln/msie/NullyFake/test.htm

[tested]
ie6.zhcn.sp1.up2date running on winxp.pro.zhcn.up2date : 2004/08/15
ie6.en.sp1.up2date running on winxp.pro.en.up2date : 2004/08/15
(xpsp2 does not appear at windows update website, so my computers with copyright winxp don't have it installed)

[exp]
just fake the location field - just useful for cheating people to input some stuff :-))))) 

i reported to ms ages ago, but got no reply so far. 

so, why i'm wasting another ie bug by publishing it? 

just to pass a message:
http://editive.com/   is running :-)

[greetingz]
guninski
malware
jelmer
brisy
feng4ever
seclists
- all guys and orgz listed at umbrella.name

 
 



Copyright 2022, SecurityGlobal.net LLC