Microsoft Internet Explorer and Outlook Express A HREF URL spoofing

ie-ahref-url-spoofing (16102) The risk level is classified as Medium Risk

Description:

Microsoft Internet Explorer and Outlook Express could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer status bar. A remote attacker could create a specially-crafted link in which an IMG tag is placed within an A HREF tag and the actual destination address is specified using the MAP tag. The destination specified by the MAP tag is what gets loaded in the user's browser, while a different URL is displayed in the status bar for the spoofed Web page. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.

Note: Reportedly, Konqueror and Netscape Navigator are also affected by this vulnerability.
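
The markup pattern described above can be checked for in HTML mail or Web content before it is rendered. The following is an added example, not part of the X-Force entry or of any vendor tooling: it flags an A HREF that wraps an image using an image map whose AREA targets point at a different host. The function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples using reserved .example/.invalid names, not taken from the advisory.
SAMPLE_SUSPECT = (
    '<a href="https://bank.example/login"><img src="b.gif" usemap="#m1"></a>'
    '<map name="m1"><area shape="rect" coords="0,0,200,50" href="http://other.invalid/login"></map>')
SAMPLE_BENIGN = SAMPLE_SUSPECT.replace("http://other.invalid/login", "https://bank.example/help")


class ImageMapLinkAudit(HTMLParser):
    """Collects <a href> anchors that wrap <img usemap> and every <map>'s <area href>."""

    def __init__(self):
        super().__init__()
        self.anchor_stack = []   # hrefs of the <a> elements currently open
        self.wrapped = []        # (anchor href, map name) for each wrapped image map
        self.map_targets = {}    # map name -> list of <area href> values
        self.current_map = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.anchor_stack.append(a.get("href") or "")
        elif tag == "img" and a.get("usemap") and self.anchor_stack:
            self.wrapped.append((self.anchor_stack[-1], a["usemap"].lstrip("#").lower()))
        elif tag == "map":
            self.current_map = (a.get("name") or a.get("id") or "").lower()
            self.map_targets.setdefault(self.current_map, [])
        elif tag == "area" and self.current_map is not None and a.get("href"):
            self.map_targets[self.current_map].append(a["href"])

    def handle_endtag(self, tag):
        if tag == "a" and self.anchor_stack:
            self.anchor_stack.pop()
        elif tag == "map":
            self.current_map = None


def host(url):
    # Relative URLs have no host and compare as the empty string.
    return (urlsplit(url).hostname or "").lower()


def find_mismatches(html):
    """Return (displayed anchor href, image-map target) pairs whose hosts differ."""
    audit = ImageMapLinkAudit()
    audit.feed(html)
    audit.close()
    # Compare after parsing so a <map> defined before or after the anchor is handled.
    return [(href, target)
            for href, name in audit.wrapped
            for target in audit.map_targets.get(name, [])
            if host(target) != host(href)]
```

A non-empty result is a signal for quarantine or link rewriting at a mail gateway; legitimate image maps that link to several hosts will also be reported and need review.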


Consequences:

Other

Remedy:

No remedy available as of July 9, 2011.

References:

  • BugTraq Mailing List, Mon May 17 2004 - 13:14:32 CDT: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability.
  • BugTraq Mailing List, Mon May 17 2004 - 15:08:16 CDT: RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability.
  • Full-Disclosure Mailing List, Sat May 08 2004 - 16:29:10 CDT: DEEP SEA PHISHING: Internet Explorer / Outlook Express.
  • BID-10308: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
  • BID-10383: KDE Konqueror Embedded Image URI Obfuscation Weakness
  • BID-10389: Netscape Navigator Embedded Image URI Obfuscation Weakness
  • CVE-2004-0526: Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
  • CVE-2004-0527: KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
  • CVE-2004-0528: Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
  • OSVDB ID: 6579: KDE Konqueror ImageMap URL Spoofing
  • OSVDB ID: 6580: Netscape Navigator ImageMap URL Spoofing

Platforms Affected:

  • KDE Konqueror
  • Microsoft Internet Explorer
  • Microsoft Outlook 2000
  • Microsoft Outlook 2002
  • Microsoft Outlook Express
  • Netscape Navigator

Reported:

May 08, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
