Internet Explorer 7 Popup Address Bar Spoofing Weakness

Posted on Wednesday, October 25, 2006 @ 07:52:18 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22542

VERIFY ADVISORY: http://secunia.com/advisories/22542/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE: From remote

SOFTWARE: Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: A weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.
The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions. The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.

Secunia has constructed a demonstration, which is available at: http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/

SOLUTION: Do not follow links from untrusted sources.

PROVIDED AND/OR DISCOVERED BY: Discovered by an anonymous person.
 
 