New URL spoofing bug in Microsoft Internet Explorer

• Previous message: 3APA3A: "Presentation: Bypassing client application protection techniques with notepad"
• Next in thread: Russ: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: Russ: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: James C Slora Jr: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: Yergeau, Tom: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Thu, 28 Oct 2004 23:38:11 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

New URL spoofing bug in Microsoft Internet Explorer - October 27, 2004

There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched),
which allowes to show any faked target-address in the status bar of the
window.

The example below will display a faked URL ("http://www.microsoft.com/") in
the status bar of the window, if you move your mouse over the link. Click
on the link and IE will go to "http://www.google.com/" and NOT to
"http://www.microsoft.com/" .

<a href="http://www.microsoft.com/"><table><tr><td><a
href="http://www.google.com/">Click here</td></tr></table></a>

Description: Microsoft Internet Explorer can't handle links surrounded by a
table and an other link correct.

The bug can be exploited using HTML mail message too.

Affected software: Microsoft Internet Explorer, Microsoft Outlook Express,
...

Workaround: Don't click on non-trusted links. Or right-click on links to
see the real target. Or use Copy-and-Paste.

Regards,
Benjamin Tobias Franz
Germany

--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--

• Previous message: 3APA3A: "Presentation: Bypassing client application protection techniques with notepad"
• Next in thread: Russ: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: Russ: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: James C Slora Jr: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Maybe reply: Yergeau, Tom: "Re: New URL spoofing bug in Microsoft Internet Explorer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: New URL spoofing bug in Microsoft Internet Explorer ... Has no problem - the status bar says Google and the click goes to Google ... New URL spoofing bug in Microsoft Internet Explorer ... in the status bar of the window, if you move your mouse over the link. ... (Bugtraq) Re: New URL spoofing bug in Microsoft Internet Explorer ... a bug or an exploit really. ... > the status bar. ... I have made a quick page that hosts both "exploits" here as HTML: ... >> New URL spoofing bug in Microsoft Internet Explorer ... (Bugtraq) Re: New URL spoofing bug in Microsoft Internet Explorer ... I'm not arguing that this isn't a bug mind you - it certainly is ... I have made a quick page that hosts both "exploits" here as HTML: ... > New URL spoofing bug in Microsoft Internet Explorer ... > the status bar of the window, if you move your mouse over the link. ... (Bugtraq) New URL spoofing bug in Microsoft Internet Explorer ... New URL spoofing bug in Microsoft Internet Explorer ... which allowes to show any faked target-address in the status bar of the ... (Bugtraq) Re: Active X help ... LOCALMACHINE_LOCKDOWN feature of XP SP2 ... > Window XP Shell/User ... > A current version of Microsoft Internet Explorer is not supporting ... (microsoft.public.windowsxp.help_and_support)