ISS X-Force Database: ie-table-status-spoofing(17909): Microsoft Internet Explorer table status bar spoofing

Microsoft Internet Explorer table status bar spoofing

ie-table-status-spoofing (17909)

Low Risk

Description:

Microsoft Internet Explorer could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer status bar. A remote attacker could create a specially-crafted URL link containing A HREF tags that specify a spoofed address and within these tags, TABLE tags that specify the destination address, which will cause the spoofed URL to be displayed in the status bar, once the victim places the mouse over the link. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.

Note: Safari version 1.2.3 is also affected by this vulnerability.

Platforms Affected:

Apple, Mac OS X 10.2.8
Apple, Mac OS X 10.3.6
Apple, Mac OS X Server 10.2.8
Apple, Mac OS X Server 10.3.6
Microsoft, Internet Explorer 6.0.2800.1106
Microsoft, Outlook Express 6.0

Remedy:

For Mac OS:
Apply Security Update 2004-12-02, as listed in AppleCare Knowledge Base Document 61798. See References.

Consequences:

Other

References:

AppleCare Knowledge Base Document 61798, Security Update 2004-12-02 at http://docs.info.apple.com/article.html?artnum=61798.
BugTraq Mailing List, Fri Oct 29 2004 - 18:08:52 CDT, RE: New URL spoofing bug in Microsoft Internet Explorer at http://archives.neohapsis.com/archives/bugtraq/2004-10/0355.html.
BugTraq Mailing List, Sun Oct 31 2004 - 08:21:35 CST, Safari vulnerable to URL spoofing at http://archives.neohapsis.com/archives/bugtraq/2004-11/0011.html.
BugTraq Mailing List, Thu Oct 28 2004 - 16:38:16 CDT , New URL spoofing bug in Microsoft Internet Explorer at http://archives.neohapsis.com/archives/bugtraq/2004-10/0322.html.
NTBugTraq Mailing List, Fri Oct 29 2004 - 15:19:03 CDT, Re: New URL spoofing bug in Microsoft Internet Explorer at http://archives.neohapsis.com/archives/ntbugtraq/2004-q4/0100.html.
BID-11561: Microsoft Internet Explorer TABLE Status Bar URI Obfuscation Weakness
BID-11573: Apple Safari Web Browser TABLE Status Bar URI Obfuscation Weakness
BID-11590: Microsoft Internet Explorer IFRAME Status Bar URI Obfuscation Weakness
CVE-2004-1121: Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.
CVE-2005-4679: Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
SA13047: Safari "Javascript Disabled" Status Bar Spoofing
SA17565: Internet Explorer Image Control Status Bar Spoofing Weakness
US-CERT VU#925430: Multiple web browsers do not properly interpret TABLE elements when displaying URLs in the status bar

Reported:

Oct 29, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page