MS Internet Explorer 7 Popup Window Address Bar Spoofing Vulnerability
Juan Pablo Lopez Yacubian reported that Internet Explorer 7 (including in all MS Vista versions) is affected by a URI-spoofing vulnerability.
An attacker may leverage this issue by inserting strings to spoof the source address of a file presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source address of a trusted site while interacting with the attacker’s malicious site.
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web document. The following example exploit is available:
http://es.geocities.com/jplopezy/iespoof.html
Reports indicate that unspecified versions of Firefox are also prone to this issue, but that has not been confirmed.
Currently there are no vendor-supplied patches. If you are aware of a patch or more recent information, please comment.