*Internet Explorer Window Loading Race Condition Address Bar Spoofing*
*Secunia Advisory:* SA19521 Print Advisory
<http://secunia.com/advisories/19521/print/>
*Release Date:* 2006-04-04
*Critical:*
Less critical <http://secunia.com/about_secunia_advisories/>
*Impact:* Spoofing
*Where:* From remote
*Solution Status:* Unpatched
*Software:* Microsoft Internet Explorer 6.x
<http://secunia.com/product/11/>
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
*Description*:
Hai Nam Luke has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks.
The vulnerability is caused due to a race condition in the loading of
web content and Macromedia Flash Format files (".swf") in browser
windows. This can be exploited to spoof the address bar in a browser
window showing a Flash file from a malicious web site.
NOTE: The impact of exploitation is reduced because the URL of the
malicious Flash file is visible in the title of the browser window.
The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Other versions
may also be affected.
*Solution*:
Disable Active Scripting support.
*Provided and/or discovered by*:
Hai Nam Luke
/Please note: The information, which this Secunia Advisory is based
upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports
issued by security research groups, vendors, and others./
--
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
