JVNDB-2006-000345

Microsoft Internet Explorer address bar spoofing vulnerability

Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.

Microsoft Corporation

• Microsoft Internet Explorer 5.01
• Microsoft Internet Explorer 6
• Microsoft Internet Explorer 6 for Microsoft Windows XP
• Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
• Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems
• Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Professional x64 Edition
• Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
• Microsoft Windows 2000
• Microsoft Windows 9X 98
• Microsoft Windows 9X 98 scd
• Microsoft Windows 9X me
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 (itanium)
• Microsoft Windows Server 2003 (x64)
• Microsoft Windows XP sp3
• Microsoft Windows XP (x64)

An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack.

Microsoft Corporation

• Microsoft Security Bulletin : MS06-021

1. CVE-2006-2384

1. JVN : JVNTA06-164A (Japanese)
2. JVN : JVN#74969119
3. JVN Status Tracking Notes : TRTA06-164A (Japanese)
4. National Vulnerability Database (NVD) : CVE-2006-2384
5. US-CERT Cyber Security Alerts : SA06-164A
6. US-CERT Technical Cyber Security Alert : TA06-164A
7. SecurityFocus : 18321
8. FrSIRT Advisories : FrSIRT/ADV-2006-2319

• [2008/05/21]
    Web page published