[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
From: Kurczaba Associates advisories <advisories@xxxxxxxxxxxx>
Date: Mon, 17 May 2004 14:14:32 -0400

Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

http://www.kurczaba.com/securityadvisories/0405132.htm
-------------------------------------------------------------

Vulnerability ID Number:
0405132

Overview: A vulnerability has been found in Microsoft Internet Explorer. A specially coded ImageMap can be used to spoof the URL displayed in the lower, left hand corner of the browser.


Vendor:
Microsoft (http://www.microsoft.com)

Affected Systems/Configuration: The versions affected by this vulnerability are Microsoft Internet Explorer 5 and 6.

Vulnerability/Exploit: An ImageMap can be used to spoof the URL displayed in the lower, left hand of the browser. View the "Proof of Concept" example for details.


Workaround:
None so far.


Proof of Concept:
http://www.kurczaba.com/securityadvisories/0405132poc.htm


Date Discovered:
May 13, 2004


Severity:
High


Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/

Prev by Date: Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
Next by Date: oscommerce 2.2 file_manager.php file browsing
Previous by thread: RE: Remote Buffer Overflow in MailEnable HTTPMail
Next by thread: RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
Index(es):
- Date
- Thread