Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
BID:18321
CVE-2006-2384 |Info
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
| Bugtraq ID: | 18321 |
| Class: | Serialization Error |
| CVE: |
CVE-2006-2384 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 13 2006 12:00AM |
| Updated: | Jun 13 2006 10:01PM |
| Credit: | Yorick Koster of ITsec Security Services is credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet Explorer 5.0.1 for Windows NT 4.0 Microsoft Internet Explorer 5.0.1 for Windows 98 Microsoft Internet Explorer 5.0.1 for Windows 95 Microsoft Internet Explorer 5.0.1 for Windows 2000 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 7.0 beta2 Microsoft Internet Explorer 7.0 beta1 Microsoft Internet Explorer 6.0 SP2 - do not use Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.
Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.
Exploit / POC
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
Solution:
Microsoft has released a cumulative security update to address this issue.
Reportedly, the fixes provided in MS06-013 may cause unintended breakage with certain ActiveX controls. Symantec has not confirmed this. Before deploying this patch in production environments, users should thoroughly test the patch to ensure that it doesn't interfere with other software.
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
Solution:
Microsoft has released a cumulative security update to address this issue.
Reportedly, the fixes provided in MS06-013 may cause unintended breakage with certain ActiveX controls. Symantec has not confirmed this. Before deploying this patch in production environments, users should thoroughly test the patch to ensure that it doesn't interfere with other software.
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB916281)
Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=0EB17A41-FB43 -413B-A5CC-41E1F3DEDE4F&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4 -4C3D-A37B-946EE5E781E7&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350 -4AAE-B681-EE2ECAB41118&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF -485D-A1E3-60E55334FD74&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0 -4F80-BD1C-210E23FD8D81&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185 -4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4 -4C3D-A37B-946EE5E781E7&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350 -4AAE-B681-EE2ECAB41118&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF -485D-A1E3-60E55334FD74&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0 -4F80-BD1C-210E23FD8D81&displaylang=en -
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185 -4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
-
Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB916281)
Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=91A997DE-BAE4 -4AC7-912D-79EF8ABAEF4F&displaylang=en
References
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
References:
References:
- Microsoft Technet Security (Microsoft)
- Mozilla Firefox Home Page (Mozilla)
- MS06-021 - Cumulative Security Update for Internet Explorer (916281) (Microsoft)