Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

From: Kurczaba Associates advisories (advisories_at_kurczaba.com)
Date: 05/17/04

    Date: Mon, 17 May 2004 14:14:32 -0400
    To: bugtraq@securityfocus.com
    
    

    Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

    http://www.kurczaba.com/securityadvisories/0405132.htm
    -------------------------------------------------------------

    Vulnerability ID Number:
    0405132

    Overview:
    A vulnerability has been found in Microsoft Internet Explorer. A
    specially coded ImageMap can be used to spoof the URL displayed in the
    lower left-hand corner of the browser.

    Vendor:
    Microsoft (http://www.microsoft.com)

    Affected Systems/Configuration:
    The versions affected by this vulnerability are Microsoft Internet
    Explorer 5 and 6.

    Vulnerability/Exploit:
    An ImageMap can be used to spoof the URL displayed in the lower
    left-hand corner of the browser. See the "Proof of Concept" example
    for details.

    Workaround:
    None so far.

    Proof of Concept:
    http://www.kurczaba.com/securityadvisories/0405132poc.htm

    Date Discovered:
    May 13, 2004

    Severity:
    High

    Credit:
    Paul Kurczaba
    Kurczaba Associates
    http://www.kurczaba.com/

