Microsoft Confirms IE Phishing Flaw

Discussion in 'Software' started by NICK ADSL UK, Feb 23, 2005.

  1. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Microsoft Confirms IE Phishing Flaw
    By Ryan Naraine
    February 23, 2005
    Be the first to comment on this article





    Software engineers at Microsoft Corp.'s security research team have confirmed the existence of a bug in the Internet Explorer browser that opens the door to URL spoofing attacks.

    ADVERTISEMENT The flaw, which has been widely reported on public mailing lists, can be exploited by a malicious attacker to spoof the URL of a pop-up advertisement and has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP Service Pack 2.

    According to a Microsoft spokesperson, Windows XP SP2 requires the URL of pop-up ads to display in the title bar when a pop-up has been opened without the address bar. "Our early analysis indicates that only pop-up ads that contain extremely long URLs can be spoofed in this scenario," the spokesperson told eWEEK.com

    "There is no attack that utilizes this, and Microsoft is not aware of any customers currently being affected by this situation," she added.

    http://www.eweek.com/article2/0,1759,1768963,00.asp
     
    NICK ADSL UK, Feb 23, 2005
    #1

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds