Secunia: Internet Explorer 7 Popup Address Bar Spoofing Weakness

Posted by bink on October 26 2006, 1:49 PM. Posted in Internet Explorer.

A LESS CRITICAL weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.

Secunia has constructed a demonstration, which is available at:
http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/

The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.

Solution:
Do not follow links from untrusted sources.

Provided and/or discovered by:
Discovered by an anonymous person.