RE: New URL spoofing bug in Microsoft Internet Explorer

From: Larry Seltzer (larry_at_larryseltzer.com)
Date: 10/29/04

  • Next message: Richard Dawe: "Re: libgd integer overflow" 
    To: <0-1-2-3@gmx.de>, <bugtraq@securityfocus.com>
Date: Thu, 28 Oct 2004 22:14:28 -0400

    Windows XP SP2 (IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158)
    Has no problem - the status bar says Google and the click goes to Google

    Larry Seltzer
    eWEEK.com Security Center Editor
    http://security.eweek.com/
    http://blog.ziffdavis.com/seltzer
    larryseltzer@ziffdavis.com
    -----Original Message-----
    From: 0-1-2-3@gmx.de [mailto:0-1-2-3@gmx.de]
    Sent: Thursday, October 28, 2004 5:38 PM
    To: bugtraq@securityfocus.com
    Subject: New URL spoofing bug in Microsoft Internet Explorer

    New URL spoofing bug in Microsoft Internet Explorer

    There is a security bug in Internet Explorer 6.0.2800.1106 (fully
    patched), which allowes to show any faked target-address in the status
    bar of the window.

    The example below will display a faked URL ("http://www.microsoft.com/")
    in the status bar of the window, if you move your mouse over the link.
    Click on the link and IE will go to "http://www.google.com/" and NOT to
    "http://www.microsoft.com/" .

    <a href="http://www.microsoft.com/"><table><tr><td><a
    href="http://www.google.com/">Click here</td></tr></table></a>

    Description: Microsoft Internet Explorer can't handle links surrounded
    by a table and an other link correct.

    The bug can be exploited using HTML mail message too.

    Affected software: Microsoft Internet Explorer, Microsoft Outlook
    Express, ...

    Workaround: Don't click on non-trusted links. Or right-click on links to
    see the real target. Or use Copy-and-Paste.

    Regards,
    Benjamin Tobias Franz
    Germany

  • Next message: Richard Dawe: "Re: libgd integer overflow"

    Relevant Pages