Microsoft IE Non-breaking Spaces Popup Address Bar Spoofing

2006-10-25T03:48:52
ID OSVDB:30022
Type osvdb
Reporter OSVDB
Modified 2006-10-25T03:48:52

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw in the way it displays URLs in the address bar of pop-up windows. The flaw may allow an attacker to spoof the address bar, and possibly conduct phishing attacks, via a malicious URL containing non-breaking spaces (%A0).

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to work around the flaw as follows: click on the address bar in the pop-up window and scroll to the left to see the URL of the page.

References:

Security Tracker: 1017122
Secunia Advisory ID: 22542
Other Advisory URL: http://blogs.technet.com/msrc/archive/2006/10/26/ie-address-bar-issue.aspx
News Article: http://news.com.com/Spoofing+bug+found+in+IE+7/2100-1002_3-6129626.html
Keyword: phishing
ISS X-Force ID: 29827
Generic Exploit URL: http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
CVE-2006-5544
CERT VU: 347188
Bugtraq ID: 20728