CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 29th, 2008

MS Internet Explorer 7 Popup Window Address Bar Spoofing Vulnerability

Juan Pablo Lopez Yacubian reported that Internet Explorer 7 (including on all MS Vista versions) is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue by inserting strings to spoof the source address of a file presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source address of a trusted site while interacting with the attacker’s malicious site.

To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web document. The following example exploit is available:

http://es.geocities.com/jplopezy/iespoof.html

Reports indicate that unspecified versions of Firefox are also prone to this issue, but that has not been confirmed.

Currently there are no vendor-supplied patches. If you are aware of a patch or more recent information, please comment.
