(MS06-021) Microsoft Internet Explorer Address Bar Spoof and Information Disclosure
- Type: Logic error
- Impact of exploitation: Information disclosure
- User Interaction: User interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2006-2384
- Vendor Status: Responded and patched
- Vulnerable systems: Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows 2003 SP0 - SP1, Internet Explorer 6.0 SP0, Internet Explorer 5.0.1 SP4, Internet Explorer 6.0 SP1, Internet Explorer 6.0 SP2
- Summary: A vulnerability in Microsoft Internet Explorer exists that may allow for spoofing of the address bar leading to information disclosure.
Description
Microsoft Internet Explorer is an industry standard web browser. A vulnerability exists in Microsoft Internet Explorer that may allow an attacker to spoof the address bar or disclose sensitive information. The flaw resides in the ability for an attacker to spoof an address bar to that of a trusted website with the actual content being controlled by the attacker. This could allow for theft of sensitive information.

Affected Systems:
- Internet Explorer 5.01 Service Pack 4
- Internet Explorer 6 SP0 - SP2

For more information see: http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (KB916281): http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature: (MS06-021) Microsoft Internet Explorer Address Bar Spoof and Information Disclosure
- Signature identifier: 4408
- Release date: 6/13/2006
- First released in: Protected by Foundstone
McAfee Intrushield
- Signature: Microsoft IE Address Bar Spoofing Vulnerability
- Signature identifier: 0x4022B300
- Release date: 6/13/2006
- First released in: sigset 3.1.15
Additional Resources
Microsoft Security Bulletin: Cumulative Security Update for Internet Explorer (916281)
http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx
Timeline
- 6/13/2006: Vendor has provided a patch.