BugTraq: New URL spoofing bug in Microsoft Internet Explorer

There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched), which allowes to show any faked target-address in the status bar of the window“, posted by Benjamin Tobias Franz in SecuritryFocus BugTraq.

Description: Microsoft Internet Explorer can’t handle links surrounded by a table and an other link correct.

The bug can be exploited using HTML mail message too.

Affected software: Microsoft Internet Explorer, Microsoft Outlook Express

Workaround: Don’t click on non-trusted links. Or right-click on links to see the real target. Or use Copy-and-Paste.

Example has been provided.


Leave a Reply