New IE flaw allows address bar spoofing

Another Internet Explorer (IE) flaw has been found, one that allows phishers and other malicious users to spoof an address bar when creating a malicious site.

The vulnerability is caused by a condition in the loading of Macromedia Flash Format (.swf) files in browser windows. The flaw can then be exploited to show what appears to be a legitimate address bar, according to vulnerability monitoring firm Secunia.

The firm also provided a test for home users to see if their browsers have been affected by this flaw.

The flaw, rated "moderately critical" by Secunia, was confirmed on a fully patched system with IE 6 and Windows XP Service Packs 1 and 2.

Users should disable active scripting support to avoid the flaw affecting their systems, according to Secunia.

Microsoft researchers have been working on a patch for a recently discovered createTextRange() flaw in IE. Company officials have hinted the fix will be a part of next week's Patch Tuesday release.

In January, Microsoft released a rare out-of-cycle patch for the much-hyped Windows Metafile (WMF) vulnerability, which received widespread media attention in the early days of this year.
