Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Spoofing Vulnerability in IE

Posted by CowboyNeal on Thursday December 16, 2004 @12:57PM from the url-b-gone dept.

Jimmy M. writes "A new vulnerability has been announced in Internet Explorer, also affecting XP SP2, which can very easily be exploited by a malicious web site to completely spoof the address bar. The vulnerability is very similar to another vulnerability disclosed just about a year ago called the '%00' vulnerability, which also was widely exploited by phishers. A demonstration is also available."

2 of 372 comments (clear)

Min score:

Reason:

Sort:

Comment removed by account_deleted · 2004-12-16 12:59 · Score: 0, Redundant

Comment removed based on user account deletion
javascript by spisska · 2004-12-16 13:22 · Score: 0, Redundant

I'm running SP1, but when I hover on the test link my status bar says:

javascript:start();

Maybe it's an exploit, but I wouldn't fall for it.