Bugtraq mailing list archives
RE: New URL spoofing bug in Microsoft Internet Explorer
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 29 Oct 2004 19:08:52 -0400
Russ from NTBugTraq helped to clear some of this up. If you hover the mouse below the actual link to Google - in a very narrow area - the status bar will show www.microsoft.com, but clicking doesn't do anything. So it's definitely a stupid error in IE, but the spoofing angle in SP2 is debatable. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com -----Original Message----- From: GuidoZ [mailto:uberguidoz () gmail com] Sent: Friday, October 29, 2004 3:20 PM To: Larry Seltzer Cc: 0-1-2-3 () gmx de; bugtraq () securityfocus com Subject: Re: New URL spoofing bug in Microsoft Internet Explorer Same version I tested, Larry. (Same results too, for the most part.) Try looking at my page for another example (as I stated in my previous emails), as well as a way it might "work" in a sense: - http://www.guidoz.com/btstatusurl.html FYI: It seems my emails from 10/28 may have not made it to the list yet (?). They are included. -- Peace. ~G On Thu, 28 Oct 2004 22:14:28 -0400, Larry Seltzer <larry () larryseltzer com> wrote:
Windows XP SP2 (IE 6.0.2900.2180.xpsp_sp2_rtm.040803-2158) Has no problem - the status bar says Google and the click goes to Google Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com -----Original Message----- From: 0-1-2-3 () gmx de [mailto:0-1-2-3 () gmx de] Sent: Thursday, October 28, 2004 5:38 PM To: bugtraq () securityfocus com Subject: New URL spoofing bug in Microsoft Internet Explorer New URL spoofing bug in Microsoft Internet Explorer There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched), which allowes to show any faked target-address in the status
bar of the window.
The example below will display a faked URL
("http://www.microsoft.com/";) in the status bar of the window, if you
move your mouse over the link.
Click on the link and IE will go to "http://www.google.com/"; and NOT to "http://www.microsoft.com/"; . <a href="http://www.microsoft.com/";><table><tr><td><a href="http://www.google.com/";>Click here</td></tr></table></a> Description: Microsoft Internet Explorer can't handle links surrounded
by a table and an other link correct. The bug can be exploited using HTML mail message too. Affected software: Microsoft Internet Explorer, Microsoft Outlook Express, ... Workaround: Don't click on non-trusted links. Or right-click on links to see the real target. Or use Copy-and-Paste. Regards, Benjamin Tobias Franz Germany
Current thread:
- New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 28)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer Christopher J. Pilkington (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 30)
- <Possible follow-ups>
- Re: New URL spoofing bug in Microsoft Internet Explorer Jérôme (Oct 29)
- Re: New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 30)
- Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Oct 30)
- RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)