Content
(MS07-057) Microsoft Internet Explorer Address Bar Spoofing Vulnerability I (939653)
- Type
- Logic error
- Impact of exploitation
- Spoofing
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2007-3892,
- CVE-2007-3826,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Internet Explorer 6,
- Internet Explorer 5.0.1 SP4,
- Internet Explorer 7,
- Summary
- A vulnerability in Internet Explorer may allow for spoofing attacks. A user would have to visit a malicious Web site for an attack to occur.
Tab Navigation
Description
Microsoft Internet Explorer is an industry-standard Web browser. A vulnerability in Microsoft Internet Explorer (IE) may allow for spoofing attacks. The flaw allows an attacker to show their URL in the address bar and display a different Web site in the browser window. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (939653): http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-057) Microsoft Internet Explorer Address Bar Spoofing Vulnerability I (939653)
- Signature identifier:
- 5516
- Release date:
- 10/9/2007
Additional Resources
Microsoft Security Bulletin: Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
All Information
Timeline -
1/9/2008
Vendor has supplied information for a non-security related issue
10/9/2007
Vendor has provided a patch.
Description -
Microsoft Internet Explorer is an industry-standard Web browser. A vulnerability in Microsoft Internet Explorer (IE) may allow for spoofing attacks. The flaw allows an attacker to show their URL in the address bar and display a different Web site in the browser window. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (939653): http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-057) Microsoft Internet Explorer Address Bar Spoofing Vulnerability I (939653)
- Signature identifier:
- 5516
- Release date:
- 10/9/2007
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
