MacSTAC

MacSTAC was founded on April 1, 1978 as an Apple II MUG. We are a community group with members from all walks of life, careers and levels of ability. We welcome all Mac users to improve their knowledge and, in turn, share their Mac knowledge with others. http://macstac.org

Friday, April 21, 2006

Internet Explorer Address Bar Spoofing Vulnerability Test

http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/

Introduction

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

Test Case / Demonstration

The test will try to open Google.com in a new window after a few seconds it will display content controlled by Secunia (or the attacker/phisher).

Start the test:

Result
You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/".

You are not vulnerable to this particular exploit, if you do not experience the above behaviour.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Visitors

Visitors

Blog Archive