#1
Internet Security Systems Security Brief
December 19, 2003

Microsoft Internet Explorer URL Spoofing Vulnerability

Synopsis:

A vulnerability has been reported which poses a significant risk to individuals who use Internet Explorer to navigate the Web. A flaw exists in Internet Explorer which may allow Web site addresses or URLs to display incorrectly in the Internet Explorer navigation bar, thereby allowing scams that trick users into trusting a bogus Web site. This flaw is trivial to exploit, and may be triggered when individuals navigate to URLs from within emails or hostile Web pages.

Impact:

Similar vulnerabilities have been used extensively in mass-email, or fake Web sites designed to replicate the original in an effort to steal personal information from the victim. This type of attack has commonly been referred to as "phishing". Whereas past phishing attacks used URLs similar to the original, this new vulnerability allows URLs that are identical to the original Web site. This makes it almost impossible for individuals to differentiate between fraudulent sites and legitimate sites.

Affected Versions:

Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.01

For the complete ISS X-Force Security Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/159

Duane

Duane Arnold
#2
Duane Arnold wrote:
>
> Internet Security Systems Security Brief
> December 19, 2003
>
> Microsoft Internet Explorer URL Spoofing Vulnerability
>
> Synopsis:
>
> A vulnerability has been reported which poses a significant risk to
> individuals who use Internet Explorer to navigate the Web. A flaw exists
> in Internet Explorer which may allow Web site addresses or URLs to
> display incorrectly in the Internet Explorer navigation bar, thereby
> allowing scams that trick users into trusting a bogus Web site. This flaw
> is trivial to exploit, and may be triggered when individuals navigate to
> URLs from within emails or hostile Web pages.
>
> Impact:
>
> Similar vulnerabilities have been used extensively in mass-email, or fake
> Web sites designed to replicate the original in an effort to steal
> personal information from the victim. This type of attack has commonly
> been referred to as "phishing". Whereas past phishing attacks used URLs
> similar to the original, this new vulnerability allows URLs that are
> identical to the original Web site. This makes it almost impossible for
> individuals to differentiate between fraudulent sites and legitimate
> sites.
>
> Affected Versions:
>
> Microsoft Internet Explorer 6.0
> Microsoft Internet Explorer 5.5
> Microsoft Internet Explorer 5.01
>
> For the complete ISS X-Force Security Alert, please visit:
> http://xforce.iss.net/xforce/alerts/id/159
>
> Duane

....and, of course, M$ will only make it worse....