Microsoft Internet Explorer Address Bar Spoofing Vulnerability

2007-10-09T00:00:00
ID SMNTC-25915
Type symantec
Reporter Symantec Security Response
Modified 2007-10-09T00:00:00

Description

Description

Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

Technologies Affected

  • HP Storage Management Appliance 2.1
  • HP Storage Management Appliance I
  • HP Storage Management Appliance II
  • HP Storage Management Appliance III
  • Microsoft Internet Explorer 5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
  • Microsoft Internet Explorer 5.0.1 SP2
  • Microsoft Internet Explorer 5.0.1 SP3
  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 6.0 SP1
  • Microsoft Internet Explorer 6.0 SP2 do not use
  • Microsoft Internet Explorer 7.0
  • Nortel Networks CallPilot 1002rp
  • Nortel Networks CallPilot 200i
  • Nortel Networks CallPilot 201i
  • Nortel Networks CallPilot 702t
  • Nortel Networks CallPilot 703t
  • Nortel Networks Centrex IP Client Manager 7.0.0
  • Nortel Networks Centrex IP Client Manager 8.0.0
  • Nortel Networks Centrex IP Client Manager 9.0
  • Nortel Networks Centrex IP Element Manager 7.0.0
  • Nortel Networks Centrex IP Element Manager 8.0.0
  • Nortel Networks Centrex IP Element Manager 9.0.0
  • Nortel Networks Contact Center
  • Nortel Networks Contact Center Administration
  • Nortel Networks Contact Center Express
  • Nortel Networks Contact Center Manager
  • Nortel Networks Contact Center Manager Server
  • Nortel Networks Contact Center Multimedia

Recommendations

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of script code or active content.
Since exploiting this issue may allow malicious script code to run in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect websites that rely on the execution of browser-based script code.

Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.