Internet Explorer URL Spoofing Vulnerability - Microsoft Windows



Thread: Internet Explorer URL Spoofing Vulnerability

  1. Internet Explorer URL Spoofing Vulnerability

    http://www.secunia.com/advisories/10395/

    SOFTWARE:
    Microsoft Internet Explorer 6

    DESCRIPTION:
    A vulnerability has been identified in Internet Explorer, which can
    be exploited by malicious people to display a fake URL in the address
    bar.

    The vulnerability is caused due to an input validation error, which
    can be exploited by including the "%01" URL encoded representation
    after the username and right before the "@" character in a URL.

    Successful exploitation allows a malicious person to display an
    arbitrary FQDN (Fully Qualified Domain Name) in the address bar,
    which is different from the actual location of the page.

    This can be exploited to trick users into divulging sensitive
    information or download and execute malware on their systems, because
    they trust the faked domain in the address bar.

    Example displaying only "http://www.trusted_site.com" in the address
    bar when the real domain is "malicious_site.com":
    http://www.trusted_site.com%01@malic...malicious.html

    The vulnerability has been confirmed in version 6.0. However, prior
    versions may also be affected.

    SOLUTION:
    Switch to Linux and use Mozilla, Konqueror, Opera.

    --

    A fatal exception 0E has occurred at 0028:C000BD1D in VXD VMM(01) +
    0000AD1D. The current application will be terminated.
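
As an added example (not part of the original post or the Secunia advisory), here is a Python check that a mail or proxy filter could run over links: it flags URLs whose userinfo (the part before "@") contains a control byte such as the "%01" described above, or reads like a host name different from the host the client really connects to. The function names, finding labels and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# A string that reads like a host name: dot-separated labels, alphabetic last label.
HOSTLIKE = re.compile(r"^(?:[a-z0-9_-]+\.)+[a-z]{2,}$", re.I)


def check_url(url):
    """Return (real_host, findings) for one URL; names and labels are hypothetical."""
    parts = urlsplit(url)
    host = parts.hostname  # what the client actually connects to
    findings = []
    if "@" not in parts.netloc:
        return host, findings
    userinfo = parts.netloc.rpartition("@")[0]
    # Percent-decode, then look for control bytes (0x00-0x1f, 0x7f) such as %01.
    if any(b < 0x20 or b == 0x7F for b in unquote_to_bytes(userinfo)):
        findings.append("control-char-in-userinfo")
    # Username only (before any ':'), reduced to the printable ASCII a user would see.
    user = unquote_to_bytes(userinfo.partition(":")[0])
    visible = bytes(b for b in user if 0x20 <= b < 0x7F).decode("ascii")
    if HOSTLIKE.match(visible) and visible.lower() != host:
        findings.append("userinfo-looks-like-host:" + visible)
    return host, findings


# Constructed sample links, not taken from the advisory.
SAMPLES = [
    "http://www.trusted.example%01@other.example/page.html",
    "http://www.trusted.example@other.example/",
    "http://alice:secret@intranet.example/",
    "http://www.trusted.example/login",
]


def scan(urls):
    """Map each flagged URL to its (real_host, findings) pair."""
    results = {u: check_url(u) for u in urls}
    return {u: r for u, r in results.items() if r[1]}


if __name__ == "__main__":
    for url, (host, findings) in scan(SAMPLES).items():
        print(host, findings, url)
```
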

  2. Re: Internet Explorer URL Spoofing Vulnerability

    Dr alw wrote in message news:<5VsBb.5690$_r6.779@newsread1.news.pas.earthlink.net>...
    > http://www.secunia.com/advisories/10395/
    >
    > SOFTWARE:
    > Microsoft Internet Explorer 6
    >
    > DESCRIPTION:

    [snip]
    Part of the OS
    >
    > SOLUTION:
    > Switch to Linux and use Mozilla, Konqueror, Opera.


    I will never switch to using Linux because I will lose my job. Someone
    has to keep patching servers every day. And Microsoft have promised me
    an easy life as well by only releasing patches every month - that way
    I can schedule my work! 3 weeks playing Quake, 1 week patching. And I
    get paid the same!
