FYI...
- http://isc.sans.org/diary.php?storyid=1804
Last Updated: 2006-10-26 04:49:56 UTC
"Secunia ( http://secunia.com/advisories/22542/ ) is reporting a new Microsoft Internet Explorer (MSIE) 7.0 vulnerability. This vulnerability allows a malicious site to spoof the content of the address bar. Instead of the actual URL, the user will see a "fake" URL. We tested the vulnerability and found it to work quite well.
As a quick workaround you may want to configure MSIE 7.0 to open new windows in a new tab. In order to do this, Tools -> Internet Options -> Tabs Settings -> When a pop-up is encountered: Always open pop-ups in a new tab.
The PoC exploit by Secunia is pushing the real URL off the screen to the left by adding multiple '%A0' characters between the real URL and the string 'www.microsoft.com'. It appears that the new window will only show right-most part of the URL. For tabs, the left most part is shown. This vulnerability has a lot of potential for phishers or others that attempt to trick the user into trusting the popup window as they trust the site displayed in the main window."
=========================
- http://blogs.technet.com/msrc/archiv...bar-issue.aspx
October 26, 2006
"...This is an issue with how URLs are displayed in the address bar. Specifically, we’ve seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted e-mail. Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar. We’re not aware of any attacks that are attempting to use this, but as always we will continue to monitor the situation throughout our investigation... We do have this issue under investigation and as always, once we complete our investigation we’ll take appropriate steps to protect our customers..."
============================================
- http://secunia.com/product/12366/?task=advisories
10.30.2006
"...Currently, 100% (3 out of 3) are marked as Unpatched with the most severe being rated Moderately critical..."
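Added illustration, not the Secunia PoC and not code from ISC, Microsoft or Secunia: a small Node.js script that builds a URL padded the way the ISC diary describes (a run of '%A0' between the real URL and a decoy host string) and a checker that flags such URLs, the kind of thing you would run over proxy logs or mail links while the issue is unpatched. The exact layout of Secunia's PoC is not on this page, so putting the padding in the query string is an assumption, as are the host names.

```javascript
// Added example (not the Secunia PoC; not from the ISC/MSRC text).
// Builds a URL padded as the diary describes and checks URLs for that
// pattern. Run with: node addressbar_pad_check.js

// ASSUMPTION: the padding sits in the query string. Only the
// "%A0 run, then decoy host" pattern is stated on the page.
function buildPaddedUrl(realOrigin, decoyHost, padCount) {
  return realOrigin + "/?" + "%A0".repeat(padCount) + decoyHost;
}

// NBSP as IE 7 sees it in the PoC (%A0), as the WHATWG URL parser
// re-encodes a raw U+00A0 (%C2%A0), and raw U+00A0 itself.
const NBSP_FORMS = "(?:%C2%A0|%A0|\\u00A0)";

// Returns { parsable, padded, realHost, decoyHost, padCount }.
// minRun: how many NBSPs in a row count as suspicious (assumed threshold).
function analyzeUrl(url, minRun = 20) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return { parsable: false };
  }
  // The authority cannot carry the padding; only path, query and fragment can.
  const tail = parsed.pathname + parsed.search + parsed.hash;
  // Group 1: the NBSP run. Group 2: the host-like string right after it.
  const re = new RegExp(
    "(" + NBSP_FORMS + "{" + minRun + ",})([a-z0-9-]+(?:\\.[a-z0-9-]+)+)",
    "i"
  );
  const m = re.exec(tail);
  if (!m) {
    return { parsable: true, padded: false, realHost: parsed.hostname };
  }
  // Count NBSPs rather than characters, so %A0 and %C2%A0 runs compare.
  const padCount = m[1].match(new RegExp(NBSP_FORMS, "gi")).length;
  return {
    parsable: true,
    padded: true,
    realHost: parsed.hostname,   // what the address bar should show
    decoyHost: m[2],             // what the victim is meant to see
    padCount: padCount,
  };
}

// Stand-alone run: one padded URL (constructed sample) and one ordinary one.
for (const u of [
  buildPaddedUrl("http://attacker.example", "www.microsoft.com", 60),
  "http://www.microsoft.com/en/us/default.aspx",
]) {
  console.log(JSON.stringify(analyzeUrl(u)));
}
```

The check keys on the host that follows the NBSP run, not on the decoy name itself, so it also catches padding in front of any other host-like string; lower minRun if the logs you are reviewing show shorter runs.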