Friday, October 27, 2006

Address Bar Spoofing in IE 7

Secunia has a report of a bug in Microsoft Internet Explorer 7. It may be possible for attackers to create a pop-up window that will have a spoofed and misleading address bar, with only part of the address displayed. This could be used as part of a phishing scheme to trick users into disclosing information to a malicious website. You can see the details at http://secunia.com/advisories/22542/, including a proof of concept.