Microsoft IE Address Bar URL Spoofing

2001-05-06T23:10:24
ID OSVDB:5694
Type osvdb
Reporter Hasan Alpaslan Sinanoglu (alp@uk2.net)
Modified 2001-05-06T23:10:24

Description

Vulnerability Description

Microsoft Internet Explorer has an issue that may allow a web site to display in the address bar an arbitrary URL that differs from the one actually being visited. This would allow a malicious site to spoof the contents of a legitimate site in an attempt to steal sensitive data from users. This can take place within an SSL session, which further adds to the apparent legitimacy of the spoof.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Microsoft Security Bulletin: MS01-027
Microsoft Knowledge Base Article: 299474
ISS X-Force ID: 6556
CVE-2001-0339
CIAC Advisory: l-087
CERT VU: 988768
Bugtraq ID: 2737