Signature Detail

HTTP: Internet Explorer Address Bar Spoofing (2)

This signature detects attempts to exploit a known vulnerability against Internet Explorer (IE) 5.0 and 6.0. A successful attack can lead to arbitrary code execution. A spoofing vulnerability exists in IE that allows an attacker to display spoofed content in a browser window. The address bar and other parts of the trusted UI can be displayed from trusted Web sites, but the window content contains the attackers Web page.

Extended Description

Internet Explorer is prone to address-bar spoofing. An attacker can exploit this issue to display the URI of a trusted and known site in the address bar, while running an attacker-supplied Macromedia Flash application. This may aid in phishing-style attacks and possibly allow access to properties of the trusted domain.

Affected Products

• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 For Windows 2000
• Microsoft Internet Explorer 5.0.1 For Windows 95
• Microsoft Internet Explorer 5.0.1 For Windows 98
• Microsoft Internet Explorer 5.0.1 For Windows NT 4.0
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.0 For Windows 2000
• Microsoft Internet Explorer 5.0 For Windows 95
• Microsoft Internet Explorer 5.0 For Windows 98
• Microsoft Internet Explorer 5.0 For Windows NT 4.0
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 Preview
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 7.0 Beta1
• Microsoft Internet Explorer 7.0 Beta2

References

• BugTraq: 17404
• CVE: CVE-2006-1626