Microsoft Internet Explorer table status bar spoofing

ie-table-status-spoofing (17909) The risk level is classified as LowLow Risk

Description:

Microsoft Internet Explorer could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer status bar. A remote attacker could create a specially-crafted URL link containing A HREF tags that specify a spoofed address and within these tags, TABLE tags that specify the destination address, which will cause the spoofed URL to be displayed in the status bar, once the victim places the mouse over the link. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.

Note: Safari version 1.2.3 is also affected by this vulnerability.


Consequences:

Other

Remedy:

For Mac OS:
Apply Security Update 2004-12-02, as listed in AppleCare Knowledge Base Document 61798. See References.

References:

Platforms Affected:

  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.3.6
  • Microsoft Internet Explorer 6.0.2800.1106
  • Microsoft Outlook Express 6.0

Reported:

Oct 29, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page