JVN#74969119
Microsoft Internet Explorer address bar spoofing vulnerability
Overview
Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.
Products Affected
- Microsoft Internet Explorer
Description
Impact
An user could be navigated to visit an untrusted malicous website even though the user intends to visit a trusted website. Therefore an attacker could possibly conduct a physing attack.
Solution
Vendor Status
| Vendor | Link |
| Microsoft Co.,Ltd. |
Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) |
References
JPCERT/CC Addendum
Credit
hoshikuzu star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2006-2384 |
| JVN iPedia |
JVNDB-2006-000345 |