Microsoft Internet Explorer Popup Address Bar Spoofing Vulnerability
- Type: Logic error
- Impact of exploitation: Spoofing
- User Interaction: User interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2006-5544
- Vendor Status: Responded, not patched
- Vulnerable systems: Internet Explorer 7; Windows XP SP0 - SP2; Windows 2000 SP4; Windows 2003 SP0 - SP1
- Summary: A vulnerability exists in Microsoft Internet Explorer that may allow for phishing attacks. A victim would have to be coerced into clicking a malicious link and interacting with a pop-up window for exploitation to be successful.
Description
Microsoft Internet Explorer (IE) is an industry-standard Web browser developed by Microsoft. A vulnerability exists in Microsoft IE that may allow for phishing attacks. Using a specially crafted URL, it is possible to create an Internet Explorer pop-up window with a spoofed address bar. The user may believe that this pop-up comes from a trusted site and that it opened in a normal window. Successful exploitation requires that a user be coerced into clicking a malicious link. The victim would then need to enter sensitive information into the accompanying pop-up window or follow further malicious links from this 'trusted' pop-up.
McAfee Product Mitigation & Recommendations
Recommendations
McAfee AVERT Labs is not aware of a vendor-supplied patch/upgrade at this time.
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature: Microsoft Internet Explorer Popup Address Bar Spoofing Vulnerability
- Signature identifier: 4721
- Release date: 10/30/2006
- First released in:
McAfee Intrushield
McAfee Intrushield is proactively protecting customers against all known exploits of this address bar spoofing vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature: Internet Explorer 7 Popup Address Bar Spoofing Weakness
- Signature identifier: 0x40220E00
- Release date: 11/14/2006
- First released in: sigset(s) 1.8.86, 1.9.69, 2.1.52, 3.1.25
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this address bar spoofing vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature: [0day] Internet Explorer 7 Address Bar Spoofing Vulnerability
- Signature identifier: 3778
- Release date: 11/14/2006
- First released in: security content 739
Additional Resources
Internet Explorer 7 Popup Address Bar Spoofing Weakness
http://secunia.com/advisories/22542/
IE Address Bar Issue
http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx
Timeline
10/26/2006
Vendor has provided information on the vulnerability.
10/25/2006
Vulnerability information has been publicly disclosed.
10/25/2006
Proof of concept example has been released.