SecurityTeam US Contribute  :  Advanced Search  :  Web Resources  :  Polls  :  File Repository  
 
advanced search  
Poll
What would you like to see on SecurityTeamUS?
More News
Product Reviews
HowTo's
Custom RPM/Packages/Tools
Other (Please leave comment)
Results
96 votes | 0 comments
Topics
Home
Apache
Apple
Application Software
Cisco Systems
Database Servers
Internet Explorer
Linux
Macromedia
Microsoft
Mozilla/Firefox
Phishing/ID Theft
Real Networks
Security News
Sun Microsystems
Web Appliances/Devices
Web Scripts
Wi-Fi
Virus Alerts
Events
There are no upcoming events
 Welcome to SecurityTeam US
 Monday, February 06 2012 @ 12:32 PM EST

Microsoft Internet Explorer Popup Title Bar Spoofing Weakness

    
Thursday, February 24 2005 @ 09:32 PM EST

Internet Explorerbitlance winter has discovered a weakness in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

Windows XP SP2 has a security feature, which forces the URL of a popup to the present in the title bar when a popup has been opened without the address bar.

The problem is that the title bar can be spoofed via an overly long hostname. This can e.g. be exploited by a malicious web site to trick a user into entering sensitive information in a popup placed over a trusted site.

The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

SOFTWARE:
Microsoft Internet Explorer 6

SOLUTION:
Do not enter sensitive information in popups after following links from untrusted sources.

VERIFY ADVISORY:
http://secunia.com/advisories/14335/

Secunia Security Advisories

 
What's Related

Story Options

Microsoft Internet Explorer Popup Title Bar Spoofing Weakness | 0 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
 Copyright © 2012 SecurityTeam US
 All trademarks and copyrights on this page are owned by their respective owners.		   Get Firefox!
Dedicated Servers
Created this page in 0.15 seconds