Microsoft Internet Explorer and Outlook Express A HREF URL spoofing
ie-ahref-url-spoofing (16102)
Description:
Microsoft Internet Explorer and Outlook Express could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer status bar. A remote attacker could create a specially crafted link containing an IMG tag within an A HREF tag, with the destination address specified using the MAP tag. When the link is loaded in a user's browser, the status bar displays a different URL from the actual destination address. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.
Note: Reportedly, Konqueror and Netscape Navigator are also affected by this vulnerability.
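A detection check for the markup pattern described above, as an added example that is not part of the original advisory: it flags an image inside an A HREF whose MAP area points to a different host than the anchor. The class and function names, the host-mismatch heuristic and the sample HTML with placeholder domains are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ImageMapLinkAuditor(HTMLParser):
    """Records <a href> wrappers around <img usemap> and each <map>'s <area href>."""
    def __init__(self):
        super().__init__()
        self.anchors = []     # hrefs of currently open <a> elements
        self.wrapped = []     # (anchor href, map name) for <img usemap> inside <a>
        self.areas = {}       # map name -> list of <area href> values
        self.cur_map = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.anchors.append(a.get("href") or "")
        elif tag == "img" and a.get("usemap") and self.anchors:
            self.wrapped.append((self.anchors[-1], a["usemap"].lstrip("#").lower()))
        elif tag == "map":
            self.cur_map = (a.get("name") or a.get("id") or "").lower()
            self.areas.setdefault(self.cur_map, [])
        elif tag == "area" and self.cur_map is not None and a.get("href"):
            self.areas[self.cur_map].append(a["href"])

    def handle_endtag(self, tag):
        if tag == "a" and self.anchors:
            self.anchors.pop()
        elif tag == "map":
            self.cur_map = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_spoofed_links(html):
    """Return (status-bar URL, actual destination) pairs whose hosts differ."""
    p = ImageMapLinkAuditor()
    p.feed(html)
    p.close()
    return [(shown, actual)
            for shown, name in p.wrapped
            for actual in p.areas.get(name, [])
            if host(actual) and host(actual) != host(shown)]

# Constructed samples (placeholder domains), not taken from the advisory.
SPOOFED = ('<a href="https://www.example.com/login"><img src="b.gif" usemap="#m1">'
           '<map name="m1"><area shape="rect" coords="0,0,200,50" '
           'href="http://login.example.net/"></map></a>')
BENIGN = ('<a href="https://www.example.com/"><img src="l.gif" usemap="#nav"></a>'
          '<map name="nav"><area coords="0,0,9,9" href="https://www.example.com/docs"></map>')

if __name__ == "__main__":
    for shown, actual in find_spoofed_links(SPOOFED):
        print(f"status bar shows {shown} but image map leads to {actual}")
```

Relative `area` targets have no host and are skipped, so the check only reports image maps that leave the anchor's site.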
Platforms Affected:
- KDE, Konqueror
- Microsoft, Internet Explorer
- Microsoft, Outlook 2000
- Microsoft, Outlook 2002
- Microsoft, Outlook Express
- Netscape, Navigator
Remedy:
No remedy available as of November 29, 2008.
Consequences:
Other
References:
- BugTraq Mailing List, Mon May 17 2004 - 13:14:32 CDT, Microsoft Internet Explorer ImageMap URL Spoof Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html.
- BugTraq Mailing List, Mon May 17 2004 - 15:08:16 CDT, RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2004-05/0163.html.
- Full-Disclosure Mailing List, Sat May 08 2004 - 16:29:10 CDT, DEEP SEA PHISHING: Internet Explorer / Outlook Express at http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0362.html.
- BID-10308: Microsoft Internet Explorer Embedded Image URI Obfuscation Weakness
- BID-10383: KDE Konqueror Embedded Image URI Obfuscation Weakness
- BID-10389: Netscape Navigator Embedded Image URI Obfuscation Weakness
- CVE-2004-0526: Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
- CVE-2004-0527: KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
- CVE-2004-0528: Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a phishing attack.
- OSVDB ID: 6579: KDE Konqueror ImageMap URL Spoofing
- OSVDB ID: 6580: Netscape Navigator ImageMap URL Spoofing
Reported:
May 08, 2004
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
