Signature Detail

DNS: Microsoft Internet Explorer Status Bar Spoofing

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. Attackers can send client DNS requests in response to the download of a maliciously crafted HTML document. These documents can contain links designed to trick Microsoft Internet Explorer into displaying the wrong URI in the status bar.

Extended Description

Microsoft Internet Explorer is prone to a vulnerability related to URI decoding. A bug in how the browser parses encoded URI data may allow zone bypass. As a result, it is possible to force the browser to interpret Web content in the Local Zone. This could be exploited to execute arbitrary code in the context of the user who is currently logged in. Cross-site scripting attacks are also possible due to this issue, as well as partial address bar obfuscation. This vulnerability is similar to the zone bypass attack described in BID 10517.

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Nortel Networks IP softphone 2050
• Nortel Networks Mobile Voice Client 2050
• Nortel Networks Optivity Telephony Manager (OTM)
• Nortel Networks Symposium Web Center Portal (SWCP)
• Nortel Networks Symposium Web Client

References

• BugTraq: 12473
• CVE: CVE-2005-0054
• URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0290.html
• URL: http://www.kb.cert.org/vuls/id/580299