Internet Explorer 7 Popup Address Bar Spoofing Weakness Date: Wednesday, October 25, 2006 @ 07:52:18 CDT Topic: Security SECUNIA ADVISORY ID: SA22542 VERIFY ADVISORY: http://secunia.com/advisories/22542/ CRITICAL: Less critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/ DESCRIPTION: A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks. The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions. The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system. Secunia has constructed a demonstration, which is available at: http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/ SOLUTION: Do not follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous person. This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2472