Info

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to spoof the information in the address bar in a way that preserves the original address bar and trusted UI of a trusted site even after the browser has been navigated to a malicious site. It is possible that the flaw may allow phishing attacks or loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	5.0.1
		6.0

References

Bugtraq ID: 18321
CVE ID: 2006-2384 (see also: NVD)
Secunia Advisory ID: 20595
Related OSVDB ID: 26442 26443 26444 26446
Microsoft Knowledge Base Article: 916281
VUPEN Advisory: ADV-2006-2319
Keyword: aka the "Address Bar Spoofing Vulnerability."
News Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001182
Microsoft Security Bulletin: MS06-021

Credit

Yorick Koster - ITsec Security Services
hoshikuzu star_dust -

Direct URL: http://osvdb.org/26445

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit