Jump to content

Internet Explorer URL Spoofing Vulnerability


Rbreb13
 Share

Recommended Posts

A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.

The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL.

Theres a test for this at the site. When I tested mine a few days ago I was vulnerable to this. http://secunia.com/advisories/10395/

Heres what Microsoft has to say. http://www.microsoft.com/security/incident/spoof.asp

And here is an Opensource fix I found that works. I have been using it for a couple days without any adverse effects. So it appears to be safe.

IE_Spoof_URL_fix.zip

Link to comment
Share on other sites

As usual Rb, thx a bunch.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...