New IE Flaw Spoofs URLs
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

New IE Flaw Spoofs URLs

Written By
Larry Seltzer
Larry Seltzer
Oct 31, 2004
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A series of HTML-based exploits allow a malicious HTML programmer to direct a user to a different Web site than the one indicated in the users browser status line.

Two separate but similar issues affect Internet Explorer. The first, reported by Benjamin Franz of Germany on the Bugtraq mailing list, involves an improper mixture of anchor and table tags, with links to two different sites.

On fully-patched Windows systems prior to Windows XP SP2, users hovering over the link will see one URL in the status bar, but when they click on the link, they will be taken to a different address. On Windows XP SP2, clicking on the link brings the user to the same address indicated in the status line. Users hovering just below the link will see the second address, but clicking in this area does not change the browser location.

The second report, also reported on Bugtraq, is by the well-known malware researcher http-equiv. The effect is similar to the first, but the bug works on fully-patched Windows XP SP2 systems. The technique involves the mixture of an empty anchor tag and a form tag with both an action statement indicating one address and an input tag with the type of submit and a value of the other address, all in the presence of a base href tag indicating the second address.

/zimages/2/28571.gifClick hereto read about another bug that allows programs to be planted and executed on fully-patched SP2 systems.

The significance of either bug is questionable, as the same effect has long been possible using JavaScript and other techniques.

Mozilla is not generally subject to these attacks, but others have observed that in some of these attacks, if the user Ctrl-clicks to load the link in a separate tab, that tab will load the second address not indicated by the status line.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

/zimages/2/77042.gif

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page
Larry Seltzer
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information