copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
AusCERT N...
» AA-2003.04 -- Microsoft Internet Explorer incorrectl...
AA-2003.04 -- Microsoft Internet Explorer incorrectly displays URLs
Date:
10 December 2003
References
:
ESB-2004.0083
ESB-2004.0175
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AA-2003.04 AUSCERT Advisory Microsoft Internet Explorer incorrectly displays URLs 10 December 2003 Last Revised: 12 December 2003 - ---------------------------------------------------------------------------- Product: Microsoft Internet Explorer 6.0 for Windows Microsoft Internet Explorer 5.5 for Windows Operating System: Microsoft Windows Impact: Reduced Security Access Required: Remote This vulnerability can be exploited to allow the information in the address bar to not reflect the true origin of the web page. Exploit information involving this vulnerability has been made publicly available. AusCERT recommends that sites consider taking the steps outlined in section 3. This advisory may be updated as more information becomes available. - ---------------------------------------------------------------------------- 1. Description Internet Explorer is a widely used web browser. Normally, the URL of the web site currently being viewed is displayed in the Address bar. However, certain URLs can be used to disguise the true origin of a web page by displaying misleading information in the Address bar. Note that this includes misleading HTTPS URLs. Exploit information and proof of concept code involving this vulnerability has been made publicly available on the BugTraq [1] and Full Disclosure [2] mailing lists. The AusCERT web site has a copy of this proof of concept [3]. Currently there are no vendor patches available that address this vulnerability. AusCERT recommends that official vendor patches be installed when they are made available. 2. Impact This vulnerability is reported to affect (fully patched) Internet Explorer 5.5 and 6 on Microsoft Windows platforms. This vulnerability does not require Active Scripting to be enabled for successful exploitation. There are currently no patches available from Microsoft to address this vulnerability. This gives a greater potential for a malicious web page to masquerade as a legitimate web site. AusCERT anticipates that this vulnerability will be used by fraudulent online banking, electronic payment and online software update sites. The perception of authenticity may be increased due to display of an expected URL and the display of the security padlock. In order to check the validity of a site, the user must check the certificate details and ensure they match the URL being displayed. 3. Workarounds/Mitigation Because of this and other recent vulnerabilities for which there are no patches available [4], AusCERT sees the use of alternative browsers as the only current effective workaround. Mozilla and Netscape browsers do not appear to be affected by this vulnerability. Note that Internet Explorer components are used by other programs (such as Outlook Express) to render web content and therefore may also be subject to vulnerability. It has been reported that Internet Explorer running on the Mac OS or Mac OS X platforms is not affected by this vulnerability. AusCERT also recommends Internet users follow the guidelines listed in [5]. REFERENCES: [1] Internet Explorer URL parsing vulnerability http://www.securityfocus.com/archive/1/346948 [2] [Full-Disclosure] FWD: Internet Explorer URL parsing vulnerability http://lists.netsys.com/pipermail/full-disclosure/2003-December/014663.html [3] Microsoft Internet Explorer - hidden URL proof of concept https://www.auscert.org.au/render.html?it=3678 [4] AU-2003.019 -- AusCERT Update - Exploit Code Publicly Available for Microsoft Internet Explorer Cross Domain Scripting Vulnerabilities https://www.auscert.org.au/render.html?it=3643 [5] AL-2003.04 -- Increase in fraudulent activity targeting users of online banking and electronic payment sites http://www.auscert.org.au/2909 - ---------------------------------------------------------------------------- AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation\'s site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 AusCERT also maintains a World Wide Web service which is found on: http://www.auscert.org.au. Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. Postal: Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 AUSTRALIA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Revision History 11 December 2003: Added Mac mitigation/workaround paragraph. 12 December 2003: Corrected Mac information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBP9kUzSh9+71yA2DNAQGtmgP7BW9tXcu4B+yALE2ipq1ypV+3ffQ2oHlW 6+4vVuPSBHJM9BsK3mBOrz43XEobm66ITuCX1lvMmB0ec3lDdWbgl3eEj8AoycS2 2QMrdnnhuLw+YR8221XnZ9v3GsihFTKdFT/4W4nO03ubEyNcaYPGsclP+05CoKen 5lqTrFdYEHw= =+diG -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=2998&it=3680