IE Vulnerability: Address Bar Spoofing

     

pageoneresults

7:14 pm on Apr 17, 2006 (gmt 0)




2006-04-04 - Internet Explorer Window Loading Race Condition Address Bar Spoofing
[secunia.com...]

Please note, there is no fix for this vulnerability from MS as of yet. Secunia advises to Disable Active Scripting support.

Description:
Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

[secunia.com...]

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected.

Dinkar

8:26 pm on Apr 17, 2006 (gmt 0)




Try some alternate browser like Firefox.

trillianjedi

8:45 pm on Apr 17, 2006 (gmt 0)




Ouch, that's nasty - thanks for the heads up.

tstaheli

9:16 pm on Apr 17, 2006 (gmt 0)




Another day, another patch.

encyclo

9:25 pm on Apr 17, 2006 (gmt 0)




> Try some alternate browser like Firefox

But if you do, make sure you patch that too [webmasterworld.com]. :)

Whilst IE vulnerabilities are much more frequent, the latest Firefox bug is much more serious than this particular IE one.

Jon_King

10:37 pm on Apr 17, 2006 (gmt 0)




Thanks for that, pageoneresults.

I do think that vulnerabilities are here to stay and appreciate WebmasterWorld especially for the members wise to this fact. I've long since moved on from considering a secure OS. The complexity of what we want makes that an impossibility. If we had the minds capable of securing a network decide what is possible and what's not, we would be secure but less useful. Be the judge; it's a crapshoot to me.

tsheridan

10:58 pm on Apr 17, 2006 (gmt 0)




Mine says .google.ca - is this the same thing as .google.com, in this instance?

pageoneresults

11:20 pm on Apr 17, 2006 (gmt 0)




> Mine says .google.ca - is this the same thing as .google.com, in this instance?

Yes. If you were not open to this vulnerability, you would end up at the Secunia website.

[secunia.com...]

Don_Hoagie

12:48 pm on Apr 18, 2006 (gmt 0)




You know what would be a scary application of this?

Tie it in with the hack that changes your browser's home page... imagine your homepage got taken over and yet it still rendered as google.com / yahoo.com / msn.com... How many Gmail / Yahoo Mail / Hotmail users would innocently input their user/pass to those spoofed pages? Google is my homepage, and I can tell you right now that I wouldn't have the slightest idea that I was getting conned if they designed the pages right. (And it's oh-so-tough to recreate Google pages, isn't it?)

donpps

1:37 pm on Apr 18, 2006 (gmt 0)




I tried to manually change the Google spoof page to [google.com...] and got the original Google page.

Question: Are secure websites protected from this vulnerability?

Xyzi

2:34 pm on Apr 18, 2006 (gmt 0)



> You know what would be a scary application of this?...

Actually that's already possible by just modifying the hosts-file.

mack

4:02 pm on Apr 18, 2006 (gmt 0)




> Actually that's already possible by just modifying the hosts-file.

Very true, and it would work with any browser the user had installed, not just IE. Address bar spoofing is a very similar concept; thankfully, IE7 addresses this issue to an extent by letting you know in no uncertain terms that the certificate does not match the domain. By letting you know, I mean a red address bar and a full-page error message before it will let you proceed.

Mack.

beebware

9:50 pm on Apr 18, 2006 (gmt 0)




Actually, IE 6.0 on my Win XP SP2 box initially failed this exploit. I just got Google on the Google URL - however, moving the window aside, I had two dialog boxes asking me to "Allow sub-frames to navigate across different domains?". Clicking "No" keeps Google.co.uk shown in the URL bar with the contents of the site being Google - clicking "Yes" (to both dialog boxes) shows the exploit with Google.co.uk in the URL bar and Secunia's site in the window.

JudgeJeffries

1:44 am on Apr 19, 2006 (gmt 0)




"disable active scripting"
How? Where? I can't find it.

Swanson

2:47 am on Apr 19, 2006 (gmt 0)




I just tried it using IE 6 and it was fine - the URL was not Google in the address bar.

Swanson

2:51 am on Apr 19, 2006 (gmt 0)




Just to clarify - XP Home with IE 6 fully patched.

pageoneresults

4:05 pm on Apr 19, 2006 (gmt 0)




Quick question. Anyone having any problems with their IE after performing the above test from Secunia?

mack

4:13 pm on Apr 19, 2006 (gmt 0)




I tried the test, and my system was found to be vulnerable. No ill effects since I tested though? What have you been seeing?

Mack.

zafile

4:22 pm on Apr 19, 2006 (gmt 0)



The Secunia alert seems valid for people with bad habits while browsing. People browsing porn should be worried about the vulnerability.

However, the alert is mainly hype for Secunia. The link at the top of the WebmasterWorld homepage only enhances such hype.

I think it is time for WebmasterWorld to provide better and more relevant content on its homepage.

pageoneresults

4:23 pm on Apr 19, 2006 (gmt 0)




> What have you been seeing?

Well, yesterday I had some major issues with the temp cache (IE) being flooded. Also, something happened with my Norton Spam within Outlook although that may be unrelated.

Since then, I've done full system scans for viruses, etc. All is well.

After dumping the temp cache and reviewing all my running processes (just to be sure), things appear to be back to normal. I don't want to run the test again until I know for sure if others experienced any issues.

pageoneresults

4:25 pm on Apr 19, 2006 (gmt 0)




> The Secunia alert seems valid for people with bad habits while browsing. People browsing porn should be worried about the vulnerability.

Huh? Are you saying that this is linkbait for Secunia? And that the vulnerability only affects those browsing p*rn sites?

abacuss

9:40 am on Apr 22, 2006 (gmt 0)




Thanks for the information.

wmuser

2:36 pm on Apr 23, 2006 (gmt 0)




Hard to believe, but there is still NO patch for it. IE is still vulnerable; tried it on my PC.

whisky1

4:55 pm on Apr 30, 2006 (gmt 0)



Thanks for the info and advice, I will use Firefox first.
 
