New Internet Explorer Exploit

Discussion in 'Technology News' started by naveenchandran, Apr 7, 2006.

Thread Status:
Not open for further replies.
  1. naveenchandran

    naveenchandran New Member

    Joined:
    May 16, 2004
    Messages:
    451
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    ** Hosur ** Operating System:GNU
    Introduction

    Hai Nam Luke has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

    Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

    Test Case / Demonstration

    The test will try to open Google.com in a new window after a few seconds it will display content controlled by Secunia (or the attacker/phisher).

    For the test check out HERE

    Result
    You are vulnerable, if a new window is opened and content from Secunia is displayed while the address bar still says "http://www.google.com/".

    You are not vulnerable to this particular exploit, if you do not experience the above behaviour.

    Credits
    The test is based on Proof of Concept code by Hai Nam Luke.


    Sources:
    http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/
    http://www.neowin.net/forum/index.php?showtopic=450204

    Internet Explorer is the worst ever designed browser in the history of computing :roll:
     
  2. Vyasram

    Vyasram The pWnster

    Joined:
    Oct 10, 2004
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Karaikudi,TN
    yeah itz the worst, hope ie7 wont be lik dis
     
  3. RCuber

    RCuber The Mighty Unkel!!! Staff Member

    Joined:
    Sep 7, 2004
    Messages:
    7,105
    Likes Received:
    12
    Trophy Points:
    38
    Location:
    ಬೆಂಗಳೂರು (Bengaluru)
    Hoooo my explorer has it. BTW i use opera for browsing and stuff.But the problem is my brother!! he uses IE :(
     
  4. Netjunkie

    Netjunkie New Member

    Joined:
    Apr 2, 2005
    Messages:
    325
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Hitech City, "Hyderabad"
    IE7 with the so called 'Anti Phishing' Filters built into the browser is also Vulnerable to this. :shock:
    Its better MS reacts before Phishing websites go on a rampage.
     
  5. saiaspire

    saiaspire Guest

    Non-Vulnearable

    My IE worked fine. It passed the test!
     
  6. Vyasram

    Vyasram The pWnster

    Joined:
    Oct 10, 2004
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Karaikudi,TN
    next time, ms sd give a separete update tool rather than fixing it with ie. coz itz the only time i use ie
     
  7. ashfame

    ashfame New Member

    Joined:
    Mar 30, 2006
    Messages:
    761
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Delhi / Jaipur
    when i left click on the link start test, nothing happens, what should i conclude?
     
  8. ravi_9793

    ravi_9793 TechTin.com

    Joined:
    Jun 22, 2005
    Messages:
    4,139
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    LocalHost
    my explorer is working fine...it has passed the test
     
  9. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Maxthon passed the test easily .. :| ..
     
  10. RCuber

    RCuber The Mighty Unkel!!! Staff Member

    Joined:
    Sep 7, 2004
    Messages:
    7,105
    Likes Received:
    12
    Trophy Points:
    38
    Location:
    ಬೆಂಗಳೂರು (Bengaluru)
  11. nishant_nms

    nishant_nms New Member

    Joined:
    Sep 5, 2005
    Messages:
    1,344
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Pune
    Got the patches 2 day ago by auto update
     
  12. eddie

    eddie El mooooo

    Joined:
    Jan 26, 2006
    Messages:
    1,414
    Likes Received:
    14
    Trophy Points:
    0
    Location:
    India
    Isn't wonderful how a plugin to IE...written by very few developers can fix things but MS with its army can not?
     
  13. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Hey Eddie its not a plugin, its a complete browser in itself. It only uses IE's rendering engine .. anyways its always better than IE .. IE is ewwww ..
     
  14. Vishal Gupta

    Vishal Gupta Microsoft MVP

    Joined:
    Jul 28, 2005
    Messages:
    5,173
    Likes Received:
    121
    Trophy Points:
    0
    Location:
    AskVG.com
    Yeah! Maxthon is a good browser, which uses same rendering engine of IE.

    U can download Maxthon from here.
     
  15. eddie

    eddie El mooooo

    Joined:
    Jan 26, 2006
    Messages:
    1,414
    Likes Received:
    14
    Trophy Points:
    0
    Location:
    India
  16. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Lol .. .Now I aint gonna run into semantics, but certainly its not a plugin . .. You can however call it a shell though ..

    And btw .. It supports Gecko engine too, but I find it way to buggy so never use it ..
     
  17. MysticHalo

    MysticHalo Your Maker.

    Joined:
    Jan 3, 2006
    Messages:
    397
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    mumba][
    There r a whole lot of browsers running on the IE engine, only difference is that they have tabbing support, which is anyways incorporated into IE 7.
    But ever since i found Firefox and the support (extension) of IE tabs in it.....i forgot i had a browser named IE :lol:
     
  18. parthbarot

    parthbarot New Member

    Joined:
    Sep 17, 2004
    Messages:
    388
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    .::OnLine::.
    thank god..
    i m not using IE...Opera rocks...rulez people....

    use opera....

    regards,
    Parth.
     
  19. prachi_saxena

    prachi_saxena New Member

    Joined:
    Apr 16, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    hey mine browser passed the test
    it displayed secunia.com on the bar also n opened that page only
    i hope it passes it well
     
  20. Ankur Gupta

    Ankur Gupta Wandering in time...

    Joined:
    Nov 7, 2004
    Messages:
    1,293
    Likes Received:
    11
    Trophy Points:
    0
    Location:
    Delhi,India
    my browser passed the test too but ie7 flunked the test in my other xp without sp2!!
     
Thread Status:
Not open for further replies.

Share This Page