New Internet Explorer Exploit


naveenchandran
07-04-2006, 11:24 AM
Introduction

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

Test Case / Demonstration

The test will try to open Google.com in a new window. After a few seconds, it will display content controlled by Secunia (or the attacker/phisher).

For the test check out HERE (http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/)

Result
You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/".

You are not vulnerable to this particular exploit, if you do not experience the above behaviour.

Credits
The test is based on Proof of Concept code by Hai Nam Luke.


Sources:
http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/
http://www.neowin.net/forum/index.php?showtopic=450204

Internet Explorer is the worst ever designed browser in the history of computing :roll:

Vyasram
07-04-2006, 10:16 PM
Yeah, it's the worst, hope IE7 won't be like this

Charan
07-04-2006, 11:28 PM
Hoooo my Explorer has it. BTW I use Opera for browsing and stuff. But the problem is my brother!! He uses IE :(

Netjunkie
07-04-2006, 11:34 PM
IE7 with the so-called 'Anti Phishing' filters built into the browser is also vulnerable to this. :shock:
It's better MS reacts before phishing websites go on a rampage.

saiaspire
08-04-2006, 07:39 AM
My IE worked fine. It passed the test!

Vyasram
08-04-2006, 08:01 AM
Next time, MS should give a separate update tool rather than fixing it with IE, because it's the only time I use IE

ashfame
10-04-2006, 06:40 PM
When I left-click on the link "start test", nothing happens. What should I conclude?

ravi_9793
10-04-2006, 10:20 PM
My Explorer is working fine... it has passed the test

it_waaznt_me
10-04-2006, 11:48 PM
Maxthon passed the test easily .. :| ..

Charan
13-04-2006, 11:46 PM
Cumulative Security Update for Internet Explorer released. This fixes the above exploit. More info:

zdnetindia (http://www.zdnetindia.com/news/security/stories/141700.html)

Microsoft patch page (http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx)

nishant_nms
14-04-2006, 07:55 AM
Got the patches 2 days ago by auto update

eddie
14-04-2006, 07:45 PM
Maxthon passed the test easily .. :| ..
Isn't it wonderful how a plugin to IE... written by very few developers can fix things but MS with its army cannot?

it_waaznt_me
15-04-2006, 12:23 AM
Hey Eddie, it's not a plugin, it's a complete browser in itself. It only uses IE's rendering engine .. anyway, it's always better than IE .. IE is ewwww ..

Vishal Gupta
15-04-2006, 12:26 AM
Yeah! Maxthon is a good browser, which uses the same rendering engine as IE.

You can download Maxthon from here (http://www.maxthon.com/).

eddie
15-04-2006, 01:09 AM
@it_waaznt_me: I don't think Maxthon is a "browser" in itself and I am not alone.
http://www.pcworld.com/reviews/article/0,aid,120763,pg,12,00.asp

it_waaznt_me
15-04-2006, 03:17 PM
Lol ... Now I ain't gonna run into semantics, but certainly it's not a plugin ... You can however call it a shell though ..

And btw .. It supports Gecko engine too, but I find it way too buggy so never use it ..

MysticHalo
15-04-2006, 11:41 PM
There are a whole lot of browsers running on the IE engine; the only difference is that they have tabbing support, which is anyway incorporated into IE 7.
But ever since I found Firefox and the support (extension) of IE tabs in it..... I forgot I had a browser named IE :lol:

parthbarot
18-04-2006, 10:41 AM
Thank god..
I'm not using IE... Opera rocks... rulez people....

Use Opera....

regards,
Parth.

prachi_saxena
18-04-2006, 11:46 AM
Hey, my browser passed the test
It displayed secunia.com on the bar also and opened that page only
I hope it passes it well

Ankur Gupta
25-04-2006, 08:05 PM
My browser passed the test too, but IE7 flunked the test in my other XP without SP2!!