Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Internet Explorer 7 vulnerability – browser entrapment

February 23rd 2007 in Uncategorized

Ok, *this* vulnerability demo is good.  Unlike other IE7 vulnerabilities that have been reported that resulted in weird behaviour that made it obvious to all but the most unobservant user that something weird is going on, this one is pretty much impossible to spot.


That being said, to take advantage of the vulnerability you’re going to have to convince somebody to visit a hostile site, and then convince the visitor to manually type a URL into the addressbar instead of using a link or favorite to go to a page, limiting its effectiveness.


The worst vulnerabilities are the ones that require no user interaction, or require user action that is normal behaviour.  Now, although it is ‘normal behaviour’ to type URLs into an addressbar under some circumstances, and it is normal that people are advised to do so, it must be remembered that they are advised to do so **instead of clicking hyperlinks in an email**, not when at a Web site.


The demonstration is here:
http://lcamtuf.coredump.cx/ietrap/


The Secunia advisory is here:
http://secunia.com/advisories/23014/


 


3 comments to...
“Internet Explorer 7 vulnerability – browser entrapment”

Sonic

Well, it doesn’t really trap me. You can open a new tab and type the web site you want to enter then close the original tab.



sandi

Sonic,

What you describe is also not “normal” behaviour. The average person isn’t going to take the steps you mention.



gmueller

MIght I recommend “spoofstick” http://spoofstick.com/
It’s free, and keeping an eye on the site it reports you are on, vs. what is showing in the address bar, will instantly alert you to the fact that you have been redirected to a spoofed site.


A Web page is blank in IE7http://support.microsoft.com/default.aspx/kb/933006
No fix just yet; simply a note that they’re aware of the cause and working on it.

Previous Entry

Firefox has been updated to fix a major security flaw.  Updates have been released for Windows, Mac and Linux (being v.1.50.0.10 and 2.0.0.2).
The primary vulnerability addressed by this update is the location.hostname vulnerability.  It is a doozy, potentially allowing hackers to tamper with authentication cookies for third party sites, and control how Web sites are […]

Next Entry