Tuesday, April 11, 2006

IE Address Bar Spoof Discovered!

An address bar spoof can be conducted by a malicious phisher taking advantage of a race condition in Internet Explorer.

The Secunia security advisory website advised IE users of a moderately critical vulnerability in the browser. Secunia created a test that can show if the user's browser is vulnerable.

IE 6 on fully patched Windows XP SP1/SP2 machines, and the IE 7 Beta 2 preview (March edition) demonstrate this vulnerability. In my testing, the vulnerability was present on IE 6, but not in Firefox 1.5 or Opera 9 TP2.

As with a previously reported critical IE issue, Secunia noted that users can disable Active Scripting in the browser until Microsoft releases a patch. Secunia provided more details and a link to the test demonstrating the vulnerability:

The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.


[Screenshot: the spoofed address bar in a vulnerable IE]

[Screenshot: the address bar in a spoof-proof IE]

This is how your browser should look. Check yours!

Secunia has constructed a test that can be used to check whether your browser is affected by this issue: Click Here to Test your Browser!

Verify:

If you have doubts about a page you are browsing and want to verify whether it is legitimate, here is something you can do: copy the code below, paste it into the address bar of the page in question and hit Enter. The alert will display the page's real location, regardless of what the spoofed address bar shows.

javascript:alert("The Real URL address: " + location.protocol + "//" + location.hostname + "/");
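The bookmarklet above only prints the real origin and leaves the comparison to the reader. As an added example (my own code, not from Secunia or the original post), here is the same check written out in plain JavaScript and extended a little: it keeps a non-default port in the origin string, and it tests the real hostname against the host the user believes they are on with an exact or subdomain match rather than a substring match, so a lookalike such as `bank.example.attacker.example` is not mistaken for `bank.example`. The hostnames and URLs are constructed sample values; in a browser you would pass `window.location` instead of a `URL` object.

```javascript
// Added example (not part of the original post): summarise the origin a page
// is really loaded from, in the spirit of the javascript: bookmarklet above,
// and check it against the host the user believes they are visiting.

// Build the same "protocol//host/" string the bookmarklet alerts, from any
// object with location-like fields (window.location in a browser, or a URL).
function realOrigin(loc) {
  // Keep a non-default port: "https://bank.example:8443" and
  // "https://bank.example" are different origins.
  const port = loc.port ? ":" + loc.port : "";
  return loc.protocol + "//" + loc.hostname + port + "/";
}

// True only if the hostname is exactly the expected host or a subdomain of
// it. A substring or suffix test is not enough: "bank.example.attacker.example"
// contains "bank.example" but is a completely different site.
function hostMatches(hostname, expectedHost) {
  const h = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  const e = expectedHost.toLowerCase().replace(/\.$/, "");
  return h === e || h.endsWith("." + e);
}

// Summarise a full URL for display to the user: the real origin, whether the
// connection is HTTPS, and whether the host is the one the user expected.
function describe(href, expectedHost) {
  const u = new URL(href);
  return {
    origin: realOrigin(u),
    secure: u.protocol === "https:",
    legitimate: hostMatches(u.hostname, expectedHost),
  };
}

// Constructed sample URLs, as a spoofed window's content might really be
// served from. The user in each case believes they are on bank.example.
const EXPECTED_HOST = "bank.example"; // constructed value
const SAMPLES = [
  "https://bank.example/login?session=1",
  "https://www.bank.example:8443/login",
  "http://bank.example.attacker.example/login",
];

for (const href of SAMPLES) {
  const d = describe(href, EXPECTED_HOST);
  console.log(
    `${href}\n  real origin: ${d.origin}\n  https: ${d.secure}` +
    `\n  matches ${EXPECTED_HOST}: ${d.legitimate}`
  );
}
```

The point of `hostMatches` is the shape of the comparison: compare the full registrable host, not whether the address "contains" the bank's name. That is also what the toolbars listed below do for you automatically.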

Fix / Solution:

If you want a tool that alerts you when there is a spoof like this, use one of the following toolbars. They come in different flavours for different browsers :)

http://toolbar.netcraft.com/
http://toolbar.trustwatch.com/
http://www.corestreet.com/spoofstick/index.html
http://pages.ebay.com/toolbar/accountguard_1.html
http://addins.msn.com/addins_category_toolbar.aspx
