
Another security hole found in IE

Dice   on 07 April 2006 - 13:13 · 39 comments & 15040 views

Secunia published an advisory on Tuesday stating that an error could be exploited to fake the address bar in a browser window. This tactic could be used in phishing scams that attempt to trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent Web page. Phishing is a prevalent type of online scam that seeks to pilfer personal information from unsuspecting Internet users. The scams typically combine spam e-mail with fraudulent Web sites that appear to come from a trusted source, such as a credit card company or a bank.

The flaw exists because of an error in the way the Microsoft Web browser loads Web pages and Macromedia Flash animations, according to Secunia. The company rates the issue "moderately critical" and has created a special Web page where users can test their Web browser to see if they are affected. Secunia has confirmed that the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 Beta release, Secunia said. Other versions may also be affected, it said.

Microsoft is investigating the newly reported flaw, a representative said in an e-mailed statement late Wednesday. "Our initial investigation has revealed that customers who have set their Internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting," the representative said.

This is the fourth unpatched vulnerability for IE that has become public in the last few weeks. Microsoft plans to release a security update for the Web browser on Tuesday. At least one of the disclosed bugs will be fixed in that update, the company has said. That flaw, related to how IE handles the "createTextRange()" tag in Web pages, has been exploited in attacks to install spyware, remote-control software and Trojan horses on vulnerable PCs.
 
News source: CNet

(1 reply) #1 Cy Bones on 07 Apr 2006 - 13:36
The Internet Explorer Address Bar Spoofing Vulnerability Test can be found here:
http://secunia.com/Internet_Explorer_Addre...erability_Test/

The test will try to open Google.com in a new window; after a few seconds it will display content controlled by Secunia (or the attacker/phisher).

You are vulnerable if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/".

You are not vulnerable to this particular exploit if you do not experience the above behaviour.
#1.1 vetSMeK on 07 Apr 2006 - 20:54
Thanks for the link, I appear to be safe.
(1 reply) #2 ripgut on 07 Apr 2006 - 14:04
Opened up in FF too.....
#2.1 markjensen on 07 Apr 2006 - 14:19
Did the URL in your address bar show secunia.com or google.com?
(1 reply) #3 neufuse on 07 Apr 2006 - 14:20
Weird, works in Firefox for me also... doesn't in Opera.
#3.1 xMorpheousx416 on 07 Apr 2006 - 17:21
The link works in Firefox, it shows a Google page with the address bar as www.google.com, but if you were paying attention, after the Secunia page returns the address bar has changed back to Secunia. The spoof lies in seeing the Secunia page AND seeing Google in the address bar. That doesn't happen in Firefox.

I even tested the page using the IE Tab plugin within Firefox, and the page wouldn't even load. The vulnerability exists only in IE.
#4 Raven on 07 Apr 2006 - 14:25
How many more flaws will be found in Microsoft products? Just count the grains of sand on the beach and you'll come close... Ok, enough trolling.

Glad to see Firefox passed the test and doesn't suffer the bug. Will wonders never cease.
(Passing the test shows the Google web address momentarily, then the Secunia web address, proving the bug does not affect Firefox.)
#5 SimplyPotatoes on 07 Apr 2006 - 14:30
Lynx doesn't have this flaw!!!
#6 neufuse on 07 Apr 2006 - 14:44
My older version of Firefox doesn't do that, it goes to Google and stays there!... Haven't updated to 1.5 yet...
(1 reply) #7 Scorbing on 07 Apr 2006 - 14:56
I still insist......Use Opera and you will NEVER have these security problems.
#7.1 Mathiasdm on 07 Apr 2006 - 15:04
I call bull**** on this.

No application is 100% secure.
#8 yudi_lks on 07 Apr 2006 - 14:56
No, it doesn't work in my firefox...
(1 reply) #9 yudi_lks on 07 Apr 2006 - 14:57
Quote - neufuse said @ #4.1
My older version of Firefox doesn't do that, it goes to Google and stays there!... Haven't updated to 1.5 yet...


Please update to 1.5
#9.1 RangerLG on 07 Apr 2006 - 20:45
Quote - yudi_lks said @ #6.1

Please update to 1.5


Why?
#10 JiveMasterT on 07 Apr 2006 - 15:00
Doesn't work in Maxthon... works in IE and Firefox for me though.

Whatever though, I don't think this is a big deal. If you fall for this trick then chances are you will fall for www.paypal.pay.com or something like that.

Always type in the URL of a website manually if you know it's requesting sensitive information.
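The comment above points at the practical defence: the question is never just "does the URL contain the brand name" but "does the registrable domain belong to the brand". A lookalike such as www.paypal.pay.com puts the brand in a subdomain that an unrelated registrant controls. The following is an added example, not code from the article, from Secunia's test page or from any browser vendor: a small Python check that extracts the registrable domain of a URL and classifies it against a constructed table of brand-owned domains. The suffix list and the brand table are toy assumptions for the example; a real deployment would use the Public Suffix List and the organisation's own allow-list. Note what it cannot do: when the address bar itself is spoofed, as in the IE bug this article covers, the displayed URL is a lie and no URL-reading check helps, which is why the article's mitigation (high security zone or active scripting disabled) is the relevant control for that case.

```python
"""Lookalike-URL classifier (added example; not from the article or Secunia).

Answers whether the brand a URL appears to belong to actually owns the
registrable domain, the check that www.paypal.pay.com and
user@host tricks such as http://www.paypal.com@attacker.example/ are
designed to defeat.
"""
from urllib.parse import urlsplit

# Constructed toy list of multi-label public suffixes (assumption for this
# example only; real code should consult the Public Suffix List).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed mapping of brand keywords to the domains the brand really owns
# (assumption for this example only; an organisation would maintain its own).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "google": {"google.com", "google.co.uk"},
}


def registrable_domain(host):
    """Return the registrable domain (eTLD+1) of a hostname.

    'www.paypal.pay.com'    -> 'pay.com'
    'accounts.google.co.uk' -> 'google.co.uk'
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    # Two trailing labels form the suffix only when they are a known
    # multi-label suffix such as co.uk; otherwise the last label is the TLD.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def check_url(url, brand):
    """Classify a URL relative to the brand the user expects to be visiting.

    Returns:
      'genuine'   - the registrable domain is one the brand owns
      'lookalike' - the brand name appears somewhere in the URL (subdomain,
                    userinfo, path) but the registrable domain is not the
                    brand's, i.e. the www.paypal.pay.com pattern
      'unrelated' - the brand name does not appear in the URL at all
    """
    parts = urlsplit(url)
    # urlsplit's .hostname strips any user:pass@ prefix, so an @-trick URL
    # is judged by the host that would really be contacted.
    host = parts.hostname or ""
    owner = registrable_domain(host)
    if owner in BRAND_DOMAINS.get(brand, set()):
        return "genuine"
    if brand.lower() in url.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs for a quick run.
    for sample in (
        "https://www.paypal.com/signin",
        "http://www.paypal.pay.com/",
        "http://www.paypal.com@attacker.example/",
        "http://www.google.com/",
    ):
        print(f"{check_url(sample, 'paypal'):10s} {sample}")
```

The classifier deliberately treats "brand name present, domain not owned" as the suspicious class rather than as unrelated: a legitimate third party rarely has a reason to embed another company's brand in its hostname or userinfo.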
(1 reply) #11 tmahmood on 07 Apr 2006 - 15:22
Firefox - NO
IE - Yes
Avent - NO
Opera - NO
#11.1 protias on 07 Apr 2006 - 15:27
What are you getting at here?

It's a wonder that this exploit (or ones just like it) has been known for a long time now and yet still continues to be exploited.
#12 cork1958 on 07 Apr 2006 - 15:27
IE - Yes
Opera - HELL NO!!

Yay, Opera!!
#13 RangerLG on 07 Apr 2006 - 15:51
It does redirect on Firefox, but the address bar shows secunia.com, not google.com. In my IE, it still shows google.com in the address bar even though it is obviously not Google. I did have to turn off my pop-up blocker in IE for the test to work.
#14 BBinder on 07 Apr 2006 - 15:59
Is it just me? When I try that exploit nothing happens, it loads up google.com and that's it, it doesn't show that Secunia thing or anything, and I'm using IE6.
(1 reply) #15 Express on 07 Apr 2006 - 16:38
Me wondering the same thing. It doesn't work for me.
Maybe because I installed all the optional installs.
#15.1 supernova_00 on 07 Apr 2006 - 17:59
Quote - Express said @ #13.1
Me wondering the same thing. It doesn't work for me.
Maybe because I installed all the optional installs.
You guys probably have active scripting disabled.
#16 Cryton on 07 Apr 2006 - 17:35
My abacus doesn't have this bug, wohoo!
(2 replies) #17 Abnil on 07 Apr 2006 - 17:47
Use Maxthon instead of IE. Problem solved.
#17.1 mr_da3m0n on 07 Apr 2006 - 17:54
Maxthon uses IE, right?
So what's the point?
#17.2 Abnil on 07 Apr 2006 - 17:55
That the vulnerability is non-existent in Maxthon.
#18 Hastin on 07 Apr 2006 - 18:23
IE7B2P - Weird issue. It first shows the Google address, then flips to the secunia.com address, then back to the Google address.

Looks like they 'almost' had it fixed.
#19 Kreuger on 07 Apr 2006 - 19:19
Why are you guys testing other browsers? It CLEARLY says security hole found in IE

And for those of you who like to use IE still, I recommend this. And there's a Firefox version too if you worry about this stuff
(6 replies) #20 Croquant on 07 Apr 2006 - 20:52
Why do people still use IE?
Oh yeah: They're noobs. Sorry, I forgot.
#20.1 reidtheweed01 on 07 Apr 2006 - 22:21
I ONLY use IE, and I love it. Just by looking at what you typed, and you used the word noob, I am 100% sure you sit there at night looking at cartoon porn, and you got a ****load of spyware and viruses from going to those sites, and get ****ed off at Microsoft. Well, get off the computer, you nerd, and quit going on the internet to make fun of people for what kind of software they use. Do you not realize how stupid you sound when you people try to say these kinds of things?
#20.2 Croquant on 07 Apr 2006 - 22:27
Hahah... you only use IE and you think I'm the one with spyware and virus problems? Wow... dumber than advertised.
#20.3 reidtheweed01 on 08 Apr 2006 - 00:32
I don't get anything, dumbass, because I don't go to anime porn sites. Have you heard of a vagina?
#20.4 Betaz on 08 Apr 2006 - 16:42
Wow, too much maturity here!

*backs away slowly*
#20.5 Ideas Man on 09 Apr 2006 - 00:35
I also use IE and haven't ever had any spyware, what's your point? Oh, I forgot, you're only chanting the line of the fireborg, continue your relentless assimilation, after all "We are borg, we are one, you will be assimilated".

Isn't it amazing the lack of maturity presented by the fireborg community. When the borg's browser has security issues, the IE community remains relatively quiet, but when IE has any issues, then fireborg starts back into the collective assimilation mode. Real mature guys, real mature.
#20.6 Shadowdruids on 11 Apr 2006 - 02:21
I use only IE and I haven't got spyware or viruses....that's cuz I know how to protect myself, unlike some people...

OMG, a porn site is giving me free porn downloads via an ActiveX control....must go download it....
-2 days later-
Damn you Microsoft for giving me so much spyware and **** on my comp...
#21 6XGate on 07 Apr 2006 - 21:32
It shows how close-minded folks are when threads and articles like this get posted.
#22 Bawx on 08 Apr 2006 - 06:05
Maxthon ain't havin' that ****.
#23 ainoa on 08 Apr 2006 - 09:18
I don't have the problem using my IE, well...
#24 Shadowdruids on 11 Apr 2006 - 02:27
Don't blame Microsoft for bugs in IE...instead blame the people who have no life and sit at home for the full day trying to find ways to hack into other people's computers.
