Visualizza messaggio singolo
Vecchio 17-08-2004, 12.30.34   #1
Gold Member
Top Poster
L'avatar di Giorgius
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
Giorgius promette bene
Internet Explorer Address Bar Spoofing Vulnerability

Liu Die Yu has discovered a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct phishing attacks against a user.

The vulnerability is caused due to Internet Explorer failing to update the address bar after a sequence of actions has been performed on a named window. This can be exploited to display content from a malicious site while displaying the URL of a trusted site in the address bar.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft Windows XP SP1.

Previous versions of Internet Explorer may also be affected.

Secunia has developed a demonstration of the vulnerability, which may be found here:

NOTE: Currently known attack vectors do not work on Windows XP systems with SP2 applied.

Giorgius non  collegato   Rispondi citando