Patch released for IE spoofing flaw, but not by Microsoft
Spinner
Birmingham, UK
An open source and free software development web site [link=http://www.openwares.org/]Openwares[/link] has released a patch to remedy the previously reported URL spoofing vulnerability in Internet Explorer. The vulnerability can be exploited by scammers who try to trick people into revealing private information such as online banking codes and passwords.
[blockquote]The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.
In its advisory, issued along with the patch, Openwares.org said: "Successful exploitation (of this flaw) allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page."
It gave the vulnerability a rating of 5 on a five-point scale.
[/blockquote]
Download: [link=http://www.openwares.org/downloads/IEpatch.EXE]IE Patch[/link] (267KB) - [link=http://security.openwares.org/]Patch Info[/link]
Additional Links: [link=http://www.theage.com.au/articles/2003/12/18/1071337072117.html]Source report[/link] - [link=http://support.microsoft.com/?id=833786]Microsoft's KB article[/link] - [link=http://www.short-media.com/comment.php?467]Related news articles[/link]
[blockquote]The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.
In its advisory, issued along with the patch, Openwares.org said: "Successful exploitation (of this flaw) allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page."
It gave the vulnerability a rating of 5 on a five-point scale.
[/blockquote]
Download: [link=http://www.openwares.org/downloads/IEpatch.EXE]IE Patch[/link] (267KB) - [link=http://security.openwares.org/]Patch Info[/link]
Additional Links: [link=http://www.theage.com.au/articles/2003/12/18/1071337072117.html]Source report[/link] - [link=http://support.microsoft.com/?id=833786]Microsoft's KB article[/link] - [link=http://www.short-media.com/comment.php?467]Related news articles[/link]
0