Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BID:24298
Info
Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
| Bugtraq ID: | 24298 |
| Class: | Design Error |
| CVE: |
CVE-2007-3092 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Michal Zalewski reported this issue. |
| Vulnerable: |
Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.
Exploit / POC
Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for details.
To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.
A proof-of-concept webpage has been created to demonstrate this issue. Please see the references for details.
Solution / Fix
Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
References:
References:
- Internet Explorer Homepage (Microsoft)
- MSIE webpage spoofing bug (Michal Zalewski)
- Assorted browser vulnerabilities (Michal Zalewski)