-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing
Critical: Not critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Microsoft Outlook Express 5
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6
Description:
http-equiv has discovered a weakness in Internet Explorer, which
potentially can be exploited by malicious people to trick users into
visiting a malicious website.
It is normally possible for script code to manipulate information
displayed in the status bar. However, an error in Internet Explorer
allows manipulation of the status bar without using any script code.
This can be exploited by embedding a specially crafted form in a link.
Example:
<A HREF="http://[trusted_site]/">
<FORM action=http://[malicious_site]/ method=get>
<INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; FONT-SIZE: 10pt;
BORDER-LEFT: 0pt; CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt;
BACKGROUND-COLOR: transparent; TEXT-DECORATION: underline"
type=submit value=http://[trusted_site]/>
</A>
This also affects Outlook Express as it uses the same HTML rendering
functionality as Internet Explorer. Outlook Express users may
especially trust information displayed in the status bar since HTML
documents are viewed in context of the "Restricted" zone, which has
scripting support disabled.
Successful exploitation may result in a user being tricked into
visiting a malicious website by following a specially crafted link.
The problem has been confirmed in versions 5.01 and 6. Version 5.5 is
likely also affected.
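A defender-side check for the pattern in the advisory's example, added here as an illustration and not part of the Secunia advisory or the original post. Using only Python's standard library, it flags a form nested inside a link whose action host differs from the link's href host, and a submit button whose visible URL label names a different host than the form actually submits to; the sample HTML and the hostnames trusted.example and attacker.example are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mirroring the advisory's example, with placeholder hosts.
SAMPLE_HTML = """<A HREF="http://trusted.example/">
<FORM action=http://attacker.example/ method=get>
<INPUT style="CURSOR: hand; COLOR: blue" type=submit value=http://trusted.example/>
</A>
<A HREF="http://trusted.example/help">ordinary link</A>"""

def _host(url):
    """Lower-cased host of a URL, or '' for empty, relative or malformed URLs."""
    try:
        return (urlparse(url.strip()).hostname or "").lower()
    except ValueError:
        return ""

class StatusBarSpoofDetector(HTMLParser):
    """Records 'form-in-link' (a <form> inside an <a> submits elsewhere than the href
    host) and 'button-label' (a submit button shows a URL on a host it does not go to)."""

    def __init__(self):
        super().__init__()
        self.anchors, self.forms = [], []  # hosts of currently open <a> / <form>
        self.findings = []                 # (kind, shown_host, real_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser already lower-cases names
        if tag == "a":
            self.anchors.append(_host(a.get("href", "")))
        elif tag == "form":
            action = _host(a.get("action", ""))
            self.forms.append(action)
            if self.anchors and action and action != self.anchors[-1]:
                self.findings.append(("form-in-link", self.anchors[-1], action))
        elif tag == "input" and a.get("type", "").lower() == "submit" and self.forms:
            shown, real = _host(a.get("value", "")), self.forms[-1]
            if shown and real and shown != real:
                self.findings.append(("button-label", shown, real))

    def handle_endtag(self, tag):
        stack = {"a": self.anchors, "form": self.forms}.get(tag)
        if stack:
            stack.pop()

def find_spoofed_links(html):
    p = StatusBarSpoofDetector()
    p.feed(html)
    p.close()
    return p.findings  # every (kind, shown_host, real_host) mismatch found
```

Run against the sample, it reports both a form-in-link and a button-label mismatch between trusted.example and attacker.example; a form inside a link that submits to the same host produces no finding.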
Solution:
Never follow links from untrusted sources.
Source:
http://secunia.com/advisories/11273/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Ille Corvus.
"Whoever is authentic takes responsibility for being what they are and recognizes themselves as free to be what they are. (Jean Paul Sartre)"