lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 17 May 2004 14:14:32 -0400
From: Kurczaba Associates advisories <advisories@...czaba.com>
To: bugtraq@...urityfocus.com
Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability


Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

http://www.kurczaba.com/securityadvisories/0405132.htm
-------------------------------------------------------------

Vulnerability ID Number:
0405132


Overview:
A vulnerability has been found in Microsoft Internet Explorer. A 
specially coded ImageMap can be used to spoof the URL displayed in the 
lower, left hand corner of the browser.


Vendor:
Microsoft (http://www.microsoft.com)


Affected Systems/Configuration:
The versions affected by this vulnerability are Microsoft Internet 
Explorer 5 and 6.


Vulnerability/Exploit:
An ImageMap can be used to spoof the URL displayed in the lower, left 
hand of the browser. View the "Proof of Concept" example for details.


Workaround:
None so far.


Proof of Concept:
http://www.kurczaba.com/securityadvisories/0405132poc.htm


Date Discovered:
May 13, 2004


Severity:
High


Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ