CERT-In Vulnerability Note CIVN-2008-45
Microsoft Internet Explorer Popup Window Address Bar URI spoofing vulnerability
Original Issue Date: April 11, 2008
Severity Rating: High
System Affected
Overview
A vulnerability has been reported in Microsoft Internet Explorer that could be exploited by an attacker to disclose potentially sensitive information.
Description
A vulnerability has been reported in the Microsoft Internet Explorer address bar. An attacker could exploit this vulnerability via a specially crafted web page containing special characters in the URI that launches a pop-up window. Opening this file may lead to a false sense of trust, and the user may be presented with a source URI of a trusted site while interacting with the attacker's malformed website.
Workarounds
- Do not click on URLs from untrusted sources such as unsolicited email or instant messages.
- To display the complete URL, set Internet Explorer 7.0 to open pop-ups in a new tab:
  - Click Tools > Internet Options; on the General tab, click Settings in the Tabs section.
  - A Tabbed Browsing Settings window will open.
  - Select "Always open pop-ups in a new tab" under the "When a pop-up is encountered" section.
  - Click OK.
  - Click OK in the Internet Options window.
References
Security Focus
http://www.securityfocus.com/bid/28498/info
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
