-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief December 19, 2003
Microsoft Internet Explorer URL Spoofing Vulnerability Synopsis: A vulnerability has been reported which poses a significant risk to individuals who use Internet Explorer to navigate the Web. A flaw exists in Internet Explorer which may allow Web site addresses or URLs to display incorrectly in the Internet Explorer navigation bar, thereby allowing scams that trick users into trusting a bogus Web site. This flaw is trivial to exploit, and may be triggered when individuals navigate to URLs from within emails or hostile Web pages. Impact: Similar vulnerabilities have been used extensively in mass-email, or fake Web sites designed to replicate the original in an effort to steal personal information from the victim. This type of attack has commonly been referred to as "phishing". Whereas past phishing attacks used URLs similar to the original, this new vulnerability allows URLs that are identical to the original Web site. This makes it almost impossible for individuals to differentiate between fraudulent sites and legitimate sites. Affected Versions: Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 5.01 For the complete ISS X-Force Security Alert, please visit: http://xforce.iss.net/xforce/alerts/id/159 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email [EMAIL PROTECTED] for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force [EMAIL PROTECTED] of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBP+NvlDRfJiV99eG9AQE8gAP+OSwR+WBDtEUyIyxnh1zsmU0u7oXx0XLL zQ4zKocUY9+kH5L7WkT6+2En5/G7aaKteBU67Y+GwlfFw47w1lGaRw9OlxRt4oR6 skn0qUJqAQ9KDmAXkgWsOwgBoX7qLcrba64RkjVWlJaqqjfbcTN+IYN35oWJcIWY J/Ny8l0jCmc= =Mk/e -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
