Microsoft Multiple IE Address Bar Spoofing Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	10/09/2007
Severity:	High
Applications Affected:	Microsoft Internet Explorer 5.01 SP4 Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 SP1 Microsoft Windows Internet Explorer 7

Synopsis

A weakness has been identified in Microsoft Internet Explorer, which could be exploited by malicious websites to conduct spoofing or phishing attacks.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx

Threat Analysis

Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. This issue is due to an error when handling certain "onunload" events, which could be exploited by attackers to spoof the displayed address bar by tricking a user into entering a trusted URL manually in the address bar while visiting a malicious web page.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3892
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1091
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3826

Write-up by: Aditya Chaturvedi