New Internet Explorer Exploit

naveenchandran · 07-04-2006, 11:24 AM

Introduction

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

Test Case / Demonstration

The test will try to open Google.com in a new window after a few seconds it will display content controlled by Secunia (or the attacker/phisher).

For the test check out HERE

Result
You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/".

You are not vulnerable to this particular exploit, if you do not experience the above behaviour.

Credits
The test is based on Proof of Concept code by Hai Nam Luke.

Sources:
http://secunia.com/Internet_Explorer...rability_Test/
http://www.neowin.net/forum/index.php?showtopic=450204

Internet Explorer is the worst ever designed browser in the history of computing :roll:

Vyasram · 07-04-2006, 10:16 PM

yeah itz the worst, hope ie7 wont be lik dis

Charan · 07-04-2006, 11:28 PM

Hoooo my explorer has it. BTW i use opera for browsing and stuff.But the problem is my brother!! he uses IE

Netjunkie · 07-04-2006, 11:34 PM

IE7 with the so called 'Anti Phishing' Filters built into the browser is also Vulnerable to this.

Its better MS reacts before Phishing websites go on a rampage.

08-04-2006, 07:39 AM

My IE worked fine. It passed the test!

Vyasram · 08-04-2006, 08:01 AM

next time, ms sd give a separete update tool rather than fixing it with ie. coz itz the only time i use ie

ashfame · 10-04-2006, 06:40 PM

when i left click on the link start test, nothing happens, what should i conclude?

ravi_9793 · 10-04-2006, 10:20 PM

my explorer is working fine...it has passed the test

it_waaznt_me · 10-04-2006, 11:48 PM

Maxthon passed the test easily ..

..

Charan · 13-04-2006, 11:46 PM

Cumulative Security Update for Internet Explorer released. this fixes the above exploit. more info

zdnetindia

Microsoft patch page

nishant_nms · 14-04-2006, 07:55 AM

Got the patches 2 day ago by auto update

eddie · 14-04-2006, 07:45 PM

Quote:

Originally Posted by it_waaznt_me

Maxthon passed the test easily ..

..

Isn't wonderful how a plugin to IE...written by very few developers can fix things but MS with its army can not?

it_waaznt_me · 15-04-2006, 12:23 AM

Hey Eddie its not a plugin, its a complete browser in itself. It only uses IE's rendering engine .. anyways its always better than IE .. IE is ewwww ..

Vishal Gupta · 15-04-2006, 12:26 AM

Yeah! Maxthon is a good browser, which uses same rendering engine of IE.

U can download Maxthon from here.

eddie · 15-04-2006, 01:09 AM

@it_waaznt_me: I don't think Maxthon is a "browser" in itself and I am not alone.
http://www.pcworld.com/reviews/artic...3,pg,12,00.asp

it_waaznt_me · 15-04-2006, 03:17 PM

Lol .. .Now I aint gonna run into semantics, but certainly its not a plugin . .. You can however call it a shell though ..

And btw .. It supports Gecko engine too, but I find it way to buggy so never use it ..

MysticHalo · 15-04-2006, 11:41 PM

There r a whole lot of browsers running on the IE engine, only difference is that they have tabbing support, which is anyways incorporated into IE 7.
But ever since i found Firefox and the support (extension) of IE tabs in it.....i forgot i had a browser named IE

parthbarot · 18-04-2006, 10:41 AM

thank god..
i m not using IE...Opera rocks...rulez people....

use opera....

regards,
Parth.

prachi_saxena · 18-04-2006, 11:46 AM

hey mine browser passed the test
it displayed secunia.com on the bar also n opened that page only
i hope it passes it well

Ankur Gupta · 25-04-2006, 08:05 PM

my browser passed the test too but ie7 flunked the test in my other xp without sp2!!

07-04-2006, 11:24 AM	#1 (permalink)
naveenchandran In The Zone Join Date: May 2004 Location: Hosur Operating System:GNU Posts: 451	New Internet Explorer Exploit Introduction Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks. Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable. Test Case / Demonstration The test will try to open Google.com in a new window after a few seconds it will display content controlled by Secunia (or the attacker/phisher). For the test check out HERE Result You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/". You are not vulnerable to this particular exploit, if you do not experience the above behaviour. Credits The test is based on Proof of Concept code by Hai Nam Luke. Sources: http://secunia.com/Internet_Explorer...rability_Test/ http://www.neowin.net/forum/index.php?showtopic=450204 Internet Explorer is the worst ever designed browser in the history of computing :roll: __________________ Million's Of Open Minds Can't Be Wrong! http://nc.xmgfree.com/weblog Everybody Wants to go to Heaven...But nobody wants to Die!

07-04-2006, 10:16 PM	#2 (permalink)
Vyasram The pWnster Join Date: Oct 2004 Location: Karaikudi,TN Posts: 841	yeah itz the worst, hope ie7 wont be lik dis __________________ Sigs suck

07-04-2006, 11:28 PM	#3 (permalink)
Charan >:)I-):(\|)8-X Join Date: Sep 2004 Location: ಬೆಂಗಳೂರು (Bengaluru) Posts: 3,511	Hoooo my explorer has it. BTW i use opera for browsing and stuff.But the problem is my brother!! he uses IE __________________ i5 2400 \| DH67BL \| G.Skill Ripjaw 4 GB \| FSP SAGA II 500W \| CM 430 Black Elite \| MSI R6850 Cyclone PE/OC \| XBox 360 Controller \| 21.5" Samsung Sync Master 2233 \| 4 Mbps UL

08-04-2006, 07:39 AM	#5 (permalink)
saiaspire Guest Posts: n/a	Non-Vulnearable My IE worked fine. It passed the test!

08-04-2006, 08:01 AM	#6 (permalink)
Vyasram The pWnster Join Date: Oct 2004 Location: Karaikudi,TN Posts: 841	next time, ms sd give a separete update tool rather than fixing it with ie. coz itz the only time i use ie __________________ Sigs suck

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

07-04-2006, 11:34 PM	#4 (permalink)
Netjunkie In The Zone Join Date: Apr 2005 Location: Hitech City, "Hyderabad" Posts: 325	IE7 with the so called 'Anti Phishing' Filters built into the browser is also Vulnerable to this. Its better MS reacts before Phishing websites go on a rampage.

10-04-2006, 06:40 PM	#7 (permalink)
ashfame Alpha Geek Join Date: Mar 2006 Location: Delhi / Jaipur Posts: 761	when i left click on the link start test, nothing happens, what should i conclude?

10-04-2006, 10:20 PM	#8 (permalink)
ravi_9793 TechTin.com Join Date: Jun 2005 Location: www.TechTin.com Posts: 4,082	my explorer is working fine...it has passed the test __________________ www.9zap.com/forums -> Indian Webmaster Forum whost.in - Web Hosting Offers thinkdigit.com/forum/showthread.php?t=109137 TechTin.com

10-04-2006, 11:48 PM	#9 (permalink)
it_waaznt_me Coming back to life .. Join Date: Nov 2003 Location: A bit closer to heaven Posts: 1,995	Maxthon passed the test easily .. .. __________________ Sleight of hand and twist of fate... On a bed of nails she makes me wait... And I wait without you ... With or without you .. ---- Batty = Too Busy Now !!!

13-04-2006, 11:46 PM	#10 (permalink)
Charan >:)I-):(\|)8-X Join Date: Sep 2004 Location: ಬೆಂಗಳೂರು (Bengaluru) Posts: 3,511	Cumulative Security Update for Internet Explorer released. this fixes the above exploit. more info zdnetindia Microsoft patch page

14-04-2006, 07:55 AM	#11 (permalink)
nishant_nms Wise Old Owl Join Date: Sep 2005 Location: Pune Posts: 1,344	Got the patches 2 day ago by auto update __________________ AMD Athlon64 2800+\|ASUS K8N-VM\|2GB DDR400\|Corsair VX450\|Seagate ST3500320AS\|Samsung SV0411N\|LG 22xDVDRW\|LG 700S\|APC ES500\|Altec Lancing AVS300\|Logitech MX3200\|Logitech QuickCam Connect\|Philips SHM6105

15-04-2006, 12:23 AM	#13 (permalink)
it_waaznt_me Coming back to life .. Join Date: Nov 2003 Location: A bit closer to heaven Posts: 1,995	Hey Eddie its not a plugin, its a complete browser in itself. It only uses IE's rendering engine .. anyways its always better than IE .. IE is ewwww .. __________________ Sleight of hand and twist of fate... On a bed of nails she makes me wait... And I wait without you ... With or without you .. ---- Batty = Too Busy Now !!!

15-04-2006, 12:26 AM	#14 (permalink)
Vishal Gupta Microsoft MVP Join Date: Jul 2005 Location: AskVG.com Posts: 5,173	Yeah! Maxthon is a good browser, which uses same rendering engine of IE. U can download Maxthon from here. __________________ http://www.AskVG.com/

15-04-2006, 01:09 AM	#15 (permalink)
eddie El mooooo Join Date: Jan 2006 Location: India Posts: 1,414	@it_waaznt_me: I don't think Maxthon is a "browser" in itself and I am not alone. http://www.pcworld.com/reviews/artic...3,pg,12,00.asp

15-04-2006, 03:17 PM	#16 (permalink)
it_waaznt_me Coming back to life .. Join Date: Nov 2003 Location: A bit closer to heaven Posts: 1,995	Lol .. .Now I aint gonna run into semantics, but certainly its not a plugin . .. You can however call it a shell though .. And btw .. It supports Gecko engine too, but I find it way to buggy so never use it .. __________________ Sleight of hand and twist of fate... On a bed of nails she makes me wait... And I wait without you ... With or without you .. ---- Batty = Too Busy Now !!!

15-04-2006, 11:41 PM	#17 (permalink)
MysticHalo Your Maker. Join Date: Jan 2006 Location: mumba][ Posts: 397	There r a whole lot of browsers running on the IE engine, only difference is that they have tabbing support, which is anyways incorporated into IE 7. But ever since i found Firefox and the support (extension) of IE tabs in it.....i forgot i had a browser named IE __________________ “Talent is a flame, but genius is a fire.”

18-04-2006, 10:41 AM	#18 (permalink)
parthbarot In The Zone Join Date: Sep 2004 Location: .::OnLine::. Posts: 388	thank god.. i m not using IE...Opera rocks...rulez people.... use opera.... regards, Parth. __________________ www.techlads.com Paarth.

18-04-2006, 11:46 AM	#19 (permalink)
prachi_saxena Right Off the Assembly Line Join Date: Apr 2006 Posts: 1	hey mine browser passed the test it displayed secunia.com on the bar also n opened that page only i hope it passes it well

25-04-2006, 08:05 PM	#20 (permalink)
Ankur Gupta Wandering in time... Join Date: Nov 2004 Location: Delhi,India Posts: 1,293	my browser passed the test too but ie7 flunked the test in my other xp without sp2!! __________________ Integrate Yourself With The Latest Happenings..... www.ankur-gupta.com/blog

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode