KDE Konqueror ImageMap URL Spoofing

2004-05-08T00:00:00
ID OSVDB:6579
Type osvdb
Reporter http-equiv (http-equiv@excite.com)
Modified 2004-05-08T00:00:00

Description

Vulnerability Description

Konqueror contains a flaw that may allow a malicious user to spoof a trusted web page. The issue is triggered by a specially crafted link in which an IMG tag is placed within an A HREF tag and the destination address is specified using the MAP tag. The destination is loaded in the user's browser while a different URL is displayed in the status bar of the spoofed Web page. The flaw may allow a malicious user to spoof a valid website, resulting in a loss of integrity.
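A detection sketch for the markup pattern described above, added here as an example and not part of the original advisory: it flags anchors that wrap an image using a client-side image map whose AREA destination is on a different host than the anchor's own href. The class and function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ImageMapLinkAudit(HTMLParser):
    """Collect <a href> elements wrapping <img usemap> and each <map>'s <area href>."""
    def __init__(self):
        super().__init__()
        self.anchor_href = None   # href of the <a> currently open, if any
        self.current_map = None   # name of the <map> currently open, if any
        self.wrapped = []         # (anchor href, map name) pairs
        self.areas = {}           # map name -> list of area hrefs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.anchor_href = a["href"]
        elif tag == "img" and self.anchor_href and a.get("usemap"):
            self.wrapped.append((self.anchor_href, a["usemap"].lstrip("#").lower()))
        elif tag == "map" and a.get("name"):
            self.current_map = a["name"].lower()
            self.areas.setdefault(self.current_map, [])
        elif tag == "area" and self.current_map and a.get("href"):
            self.areas[self.current_map].append(a["href"])

    def handle_endtag(self, tag):
        if tag == "a":
            self.anchor_href = None
        elif tag == "map":
            self.current_map = None

def find_mismatches(html):
    """Return (anchor href, area href) pairs whose hosts differ."""
    p = ImageMapLinkAudit()
    p.feed(html)
    host = lambda u: (urlsplit(u).hostname or "").lower()
    # Maps may be defined after the anchor, so resolve only once parsing is done.
    # Relative area hrefs (no host) are skipped: their host depends on the page URL.
    return [(shown, dest) for shown, name in p.wrapped
            for dest in p.areas.get(name, []) if host(dest) and host(shown) != host(dest)]

# Constructed sample markup; example.com / example.net are placeholder hosts.
SAMPLE = """
<a href="http://www.example.com/"><img src="b.gif" usemap="#m1"></a>
<map name="m1"><area shape="rect" coords="0,0,99,99" href="http://login.example.net/"></map>
<a href="http://www.example.com/"><img src="c.gif" usemap="#m2"></a>
<map name="m2"><area shape="rect" coords="0,0,9,9" href="http://www.example.com/help"></map>
"""

if __name__ == "__main__":
    for shown, dest in find_mismatches(SAMPLE):
        print(f"anchor shows {shown} but image map leads to {dest}")
```

A filter of this kind suits a mail or web content gateway, where a host mismatch between the anchor and the image map is a signal for review rather than proof of spoofing.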

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Related OSVDB ID: 6538
Related OSVDB ID: 6580
Other Advisory URL: http://www.securiteam.com/windowsntfocus/5UP0B2ACUK.html
Other Advisory URL: http://www.kurczaba.com/securityadvisories/0405132poc.htm
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0163.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0362.html
ISS X-Force ID: 16102
Bugtraq ID: 10383