Bugtraq mailing list archives
Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
From: thegeekmeister () SAFe-mail net
Date: Mon, 17 May 2004 13:09:21 -0800
i find that this apparently works just the same in mozilla firefox on gentoo linux 2004.1. the only way to detect that this is an image, or an image map, at all is to look at the source, or to select the text, as right clicking does not allow saving image or copying image location. -------- Original Message -------- From: Kurczaba Associates advisories <advisories () kurczaba com> Apparently from: bugtraq-return-14371-thegeekmeister=safe-mail.net () securityfocus com To: bugtraq () securityfocus com Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Date: Mon, 17 May 2004 14:14:32 -0400
Microsoft Internet Explorer ImageMap URL Spoof Vulnerability http://www.kurczaba.com/securityadvisories/0405132.htm ------------------------------------------------------------- Vulnerability ID Number: 0405132 Overview: A vulnerability has been found in Microsoft Internet Explorer. A specially coded ImageMap can be used to spoof the URL displayed in the lower, left hand corner of the browser. Vendor: Microsoft (http://www.microsoft.com) Affected Systems/Configuration: The versions affected by this vulnerability are Microsoft Internet Explorer 5 and 6. Vulnerability/Exploit: An ImageMap can be used to spoof the URL displayed in the lower, left hand of the browser. View the "Proof of Concept" example for details. Workaround: None so far. Proof of Concept: http://www.kurczaba.com/securityadvisories/0405132poc.htm Date Discovered: May 13, 2004 Severity: High Credit: Paul Kurczaba Kurczaba Associates http://www.kurczaba.com/
Current thread:
- Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Kurczaba Associates advisories (May 17)
- <Possible follow-ups>
- RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Drew Copley (May 17)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability thegeekmeister (May 17)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Jan Kluka (May 18)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability sandrijeski (May 27)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Robert J Taylor (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Valdis . Kletnieks (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Peter Pentchev (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability http-equiv () excite com (May 27)