Bugtraq mailing list archives
Re: New URL spoofing bug in Microsoft Internet Explorer
From: "Christopher J. Pilkington" <christopher.j.pilkington () gmail com>
Date: Thu, 28 Oct 2004 20:15:19 -0400
Under IE 6.0.2900.2180, this does not occur as you describe. If the mouse pointer is pointed to the edge around the link, "http://www.microsoft.com" is displayed, but when the pointer is directly over the link, "http://www.google.com" is correctly displayed. On Thu, 28 Oct 2004 23:38:16 +0200, 0-1-2-3 () gmx de <0-1-2-3 () gmx de> wrote:
New URL spoofing bug in Microsoft Internet Explorer There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched), which allowes to show any faked target-address in the status bar of the window. The example below will display a faked URL ("http://www.microsoft.com/") in the status bar of the window, if you move your mouse over the link. Click on the link and IE will go to "http://www.google.com/" and NOT to "http://www.microsoft.com/" . <a href="http://www.microsoft.com/"><table><tr><td><a href="http://www.google.com/">Click here</td></tr></table></a> Description: Microsoft Internet Explorer can't handle links surrounded by a table and an other link correct. The bug can be exploited using HTML mail message too. Affected software: Microsoft Internet Explorer, Microsoft Outlook Express, ... Workaround: Don't click on non-trusted links. Or right-click on links to see the real target. Or use Copy-and-Paste. Regards, Benjamin Tobias Franz Germany
Current thread:
- New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 28)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer Christopher J. Pilkington (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 30)
- <Possible follow-ups>
- Re: New URL spoofing bug in Microsoft Internet Explorer Jérôme (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Oct 30)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)