Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Browsers :: hack4264.htm

New URL spoofing bug in Microsoft Internet Explorer



New URL spoofing bug in Microsoft Internet Explorer

New URL spoofing bug in Microsoft Internet Explorer

There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched),
which allowes to show any faked target-address in the status bar of the
window.

The example below will display a faked URL ("http://www.microsoft.com/") in 
the status bar of the window, if you move your mouse over the link. Click
on the link and IE will go to "http://www.google.com/" and NOT to 
"http://www.microsoft.com/" . 

href="http://www.microsoft.com/">
Click">href="http://www.google.com/">Click here
Description: Microsoft Internet Explorer can't handle links surrounded by a table and an other link correct. The bug can be exploited using HTML mail message too. Affected software: Microsoft Internet Explorer, Microsoft Outlook Express, ... Workaround: Don't click on non-trusted links. Or right-click on links to see the real target. Or use Copy-and-Paste. Regards, Benjamin Tobias Franz Germany


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH