A new bug in IE 6 on XP SP2, less than critical but users should be aware.
Microsoft Internet Explorer Popup Title Bar Spoofing Weakness
Secunia Advisory: SA14335
Release Date: 2005-02-21
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6
Description:
bitlance winter has discovered a weakness in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
Windows XP SP2 has a security feature, which forces the URL of a popup to be present in the title bar when a popup has been opened without the address bar.
The problem is that the title bar can be spoofed via an overly long hostname. This can e.g. be exploited by a malicious web site to trick a user into entering sensitive information in a popup placed over a trusted site.
The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.
Solution:
Do not enter sensitive information in popups after following links from untrusted sources.
Provided and/or discovered by: bitlance winter
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Peter Kaulback -- -- I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
