|
Internet Explorer URL Spoofing Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA10395
|
|
|
Release Date:
|
2003-12-09
|
|
Last Update:
|
2004-02-02
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Spoofing
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
| | CVE reference: | CVE-2003-1025 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL.
Successful exploitation allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page.
This can be exploited to trick users into divulging sensitive information or download and execute malware on their systems, because they trust the faked domain in the two bars.
Example displaying only "http://www.trusted_site.com" in the two bars when the real domain is "malicious_site.com":
http://www.trusted_site.com%01%00@malicious_site.com/malicious.html
A test is available at:
http://secunia.com/internet_explorer_address_bar_spoofing_test/
The vulnerability has been confirmed in version 6.0, and version 5.x is also affected according to Microsoft's knowledge base article.
NOTE: This vulnerability is currently being exploited on the Internet via scam emails!
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Apply patches manually or via WindowsUpdate.
Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/de...-90D3-0C884910BC97&displaylang=en
Internet Explorer 6 Service Pack 1 (64-Bit Edition):
http://www.microsoft.com/downloads/de...-BC77-9BF410BC620D&displaylang=en
Internet Explorer 6 for Windows Server 2003:
http://www.microsoft.com/downloads/de...-B8F6-1DE327E598F0&displaylang=en
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):
http://www.microsoft.com/downloads/de...-9AE4-8DCB43404149&displaylang=en
Internet Explorer 6:
http://www.microsoft.com/downloads/de...-BFDE-29EBA8CF7A50&displaylang=en
Internet Explorer 5.5 Service Pack 2:
http://www.microsoft.com/downloads/de...-B767-5597DDE95C6F&displaylang=en
Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/de...-9AA2-36D2D8454A92&displaylang=en
Internet Explorer 5.01 Service Pack 3:
http://www.microsoft.com/downloads/de...-8C0F-4183C77B6B51&displaylang=en
Internet Explorer 5.01 Service Pack 2:
http://www.microsoft.com/downloads/de...-A780-81D6DBC48DD5&displaylang=en
NOTE: The patches fix the vulnerability by removing support for usernames and passwords in URLs.
Provided and/or discovered by:
Originally discovered by:
Zap The Dingbat
Status bar variant reported by:
Chris Hall
Changelog:
2003-12-11: Linked to test. Added information regarding variant, which makes it possible to spoof URL in the status bar as well.
2003-12-14: Microsoft has issued a knowledge base article concerning the issue. This also reports that version 5.x is affected.
2003-12-19: Scams mails exploiting the vulnerability are now circulating the Internet.
2004-02-02: Microsoft issues patches. Added CVE reference.
Original Advisory:
http://www.microsoft.com/technet/security/bulletin/MS04-004.asp
Other References:
Microsoft Knowledge Base Article - 833786:
http://support.microsoft.com/?id=833786
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
135 Related Secunia Security Advisories, displaying 10
|
|
|
1. Internet Explorer MHTML Protocol Handler Cross-Domain Information Disclosure
|
|
2. Internet Explorer Multiple Vulnerabilities
|
|
3. Internet Explorer 6 Window "location" Handling Vulnerability
|
|
4. Internet Explorer "substringData()" Memory Corruption Vulnerability
|
|
5. Internet Explorer "Print Table of Links" Cross-Zone Scripting
|
|
6. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities
|
|
7. Internet Explorer FTP Command Injection Vulnerability
|
|
8. Microsoft Internet Explorer Multiple Vulnerabilities
|
|
9. Internet Explorer Multiple Code Execution Vulnerabilities
|
|
10. Microsoft Web Proxy Auto-Discovery Feature Security Issue
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
