The error could be exploited to fake the address bar in a browser window, security monitoring company Secunia said in an advisory published on Tuesday. This tactic could be used in phishing scams that attempt to trick people into believing they are on a legitimate site, when in fact they are viewing a fraudulent Web page.
Phishing is a prevalent type of online scam that seeks to pilfer personal information from unsuspecting Internet users. The scams typically combine spam e-mail with fraudulent Web sites that appear to come from a trusted source, such as a credit card company or a bank.
The flaw exists because of an error in the way the Microsoft Web browser loads Web pages and Macromedia Flash animations, according to Secunia. The company rates the issue "moderately critical" and has created a special Web page where users can test their Web browser to see if they are affected.
Secunia has confirmed that the vulnerability affects IE 6.0 on Windows XP with all current security patches. It also affects the latest IE 7 Beta release, Secunia said. Other versions may also be affected, it said.
Microsoft is investigating the newly reported flaw, a representative said in an e-mailed statement late Wednesday. "Our initial investigation has revealed that customers who have set their Internet security settings to high, or who have disabled active scripting, are at reduced risk from attack as the attack vector requires scripting," the representative said.
Additionally, Microsoft noted that it has not seen any active attacks that take advantage of this issue, which Secunia has dubbed the "Internet Explorer Window Loading Race Condition Address Bar Spoofing" flaw.
This is the fourth unpatched vulnerability for IE that has become public in the last few weeks. Microsoft plans to release a security update for the Web browser on Tuesday. At least one of the disclosed bugs will be fixed in that update, the company has said. That flaw, related to how IE handles the "createTextRange()" tag in Web pages, has been exploited in attacks to install spyware, remote-control software and Trojan horses on vulnerable PCs.
If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .
Previous hacks
Previous Hacks
This link kills spam
spam IP addresses
These are sites I block at my firewall.
cdn2.gms1.net
gms1.net
servedby.advertising.com
advertising.com
a.tribalfusion.com
tribalfusion.com
pimpslord.com
altfarm.mediaplex.com
mediaplex.com
ad.yeildmanager.com
yeildmanager.com
doubleclick.net
isg32.casalemedia.com
casalemedia.com
Two very recommended books:
. . The only hacking forum I have found worth mentioning here