Microsoft Internet Explorer '%2F' URL Parsing Error Lets Remote Users
Spoof Sites in the Trusted Zone
http://www.securitytracker.com/alert...n/1010482.html


Impact: Modification of system information
Exploit Included: Yes
Version(s): 6

Description: A vulnerability was reported in Microsoft Internet
Explorer in the parsing of URLs containing the '%2F' character. A
remote user can spoof Trusted Site and Local Computer zone URLs.

http-equiv reported that 'bitlance winter' discovered that a remote
user can create a specially crafted HTML link that, when loaded by the
target user, will cause an arbitrary web site to be loaded with a
partially spoofed URL. The partially spoofed URL will contain the full
URL but may also contain space or null characters that cause the
portion of the URL containing the attacker's site to be pushed far
enough to the right in the URL status bar so as to not be visible.

The web site can be loaded in the security domain of an arbitrary
site. As a result, a remote user can spoof arbitrary web sites in the
target user's trusted sites security domain.

A demonstration exploit link is provided:

<a href="http://www.microsoft.com%2F redir=www.e-gold.com">test</a>

It is reported that the attacker's exploit site must be configured to
respond to HTTP queries regardless of what value is specified for the
HTTP "Host:" header.

Thor Larholm reported that a remote user can also cause the HTML to
load in the Local Intranet zone by leaving out a top level domain in
the first part of the URL. Some demonstration exploit examples are
provided:

http://whatever%3fredir=www.e-gold.com
http://whate ver%3fredir=yourevilsite.com

Brett Moore reported that the malicious URL does not need to include
the 'redir' attribute.

A demonstration exploit example that uses an SSL-based exploit site is
provided at:

http://www.malware.com/gutted.html

Impact: A remote user can create HTML that, when loaded by the target
user, will spoof an arbitrary site in the target user's trusted domain
or local computer domain.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/technet/security/ (Links to External
Site)

Cause: Input validation error, State error

Underlying OS: Windows (Any)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Hay «exploit» en circulacion.
No hay solucion por parte del fabricante (de momento).

Hasta su resolucion es recomendable usar otro nevegador de Internet.


--
Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."