Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

From: thegeekmeister () SAFe-mail net
Date: Mon, 17 May 2004 13:09:21 -0800
i find that this apparently works just the same in mozilla firefox on gentoo linux 2004.1.  the only way to detect that 
this is an image, or an image map, at all is to look at the source, or to select the text, as right clicking does not 
allow saving image or copying image location.

-------- Original Message --------
From: Kurczaba Associates advisories <advisories () kurczaba com>
Apparently from: bugtraq-return-14371-thegeekmeister=safe-mail.net () securityfocus com
To: bugtraq () securityfocus com
Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
Date: Mon, 17 May 2004 14:14:32 -0400


Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

http://www.kurczaba.com/securityadvisories/0405132.htm
-------------------------------------------------------------

Vulnerability ID Number:
0405132


Overview:
A vulnerability has been found in Microsoft Internet Explorer. A 
specially coded ImageMap can be used to spoof the URL displayed in the 
lower, left hand corner of the browser.


Vendor:
Microsoft (http://www.microsoft.com)


Affected Systems/Configuration:
The versions affected by this vulnerability are Microsoft Internet 
Explorer 5 and 6.


Vulnerability/Exploit:
An ImageMap can be used to spoof the URL displayed in the lower, left 
hand of the browser. View the "Proof of Concept" example for details.


Workaround:
None so far.


Proof of Concept:
http://www.kurczaba.com/securityadvisories/0405132poc.htm


Date Discovered:
May 13, 2004


Severity:
High


Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/
Previous By Date Next
Previous By Thread Next

Current thread: