*Internet Explorer Window Loading Race Condition Address
Bar Spoofing*
*Secunia Advisory SA19521
Print Advisory
<http:/
/secunia.com/advisories/19521/print/>
*Release Date 2006-04-04
*Critical
Less critical <http
://secunia.com/about_secunia_advisories/>
*Impact
Spoofing
*Where
From remote
*Solution Status Unpatched
*Software Microsoft
Internet Explorer 6.x
<http://secunia.com
/product/11/>
Select a product and view a complete list of all
Patched/Unpatched
Secunia advisories affecting it.
*Description*:
Hai Nam Luke has discovered a vulnerability in Internet
Explorer, which
can be exploited by malicious people to conduct phishing
attacks.
The vulnerability is caused due to a race condition in the
loading of
web content and Macromedia Flash Format files
(".swf") in browser
windows. This can be exploited to spoof the address bar in a
browser
window showing a Flash file from a malicious web site.
NOTE: The impact of exploitation is reduced because the URL
of the
malicious Flash file is visible in the title of the browser
window.
The vulnerability has been confirmed on a fully patched
system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.
Other versions
may also be affected.
*Solution*:
Disable Active Scripting support.
*Provided and/or discovered by*:
Hai Nam Luke
/Please note: The information, which this Secunia Advisory
is based
upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability
reports
issued by security research groups, vendors, and others./
--
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|