[37126] in bugtraq
New URL spoofing bug in Microsoft Internet Explorer
daemon@ATHENA.MIT.EDU (0-1-2-3@gmx.de)
Thu Oct 28 20:12:57 2004
Message-ID: <005401c4bd36$6fdf3800$d9ebb9d9@oemcomputer>
From: <0-1-2-3@gmx.de>
To: <bugtraq@securityfocus.com>
Date: Thu, 28 Oct 2004 23:38:16 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
New URL spoofing bug in Microsoft Internet Explorer
There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched),
which allowes to show any faked target-address in the status bar of the
window.
The example below will display a faked URL ("http://www.microsoft.com/") in
the status bar of the window, if you move your mouse over the link. Click
on the link and IE will go to "http://www.google.com/" and NOT to
"http://www.microsoft.com/" .
<a href="http://www.microsoft.com/"><table><tr><td><a
href="http://www.google.com/">Click here</td></tr></table></a>
Description: Microsoft Internet Explorer can't handle links surrounded by a
table and an other link correct.
The bug can be exploited using HTML mail message too.
Affected software: Microsoft Internet Explorer, Microsoft Outlook Express,
...
Workaround: Don't click on non-trusted links. Or right-click on links to
see the real target. Or use Copy-and-Paste.
Regards,
Benjamin Tobias Franz
Germany
