|
|
|
 |
Vulnerability Note VU#625616Microsoft Internet Explorer does not properly handle navigations from plug-insOverviewMicrosoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website.I. DescriptionMicrosoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This improper navigation handling could cause IE to display an incorrect URL in the Address bar. As a result, a web site operator could make it appear that the content from his or her web site actually originated from another site when, in fact, it did not.II. ImpactThis vulnerability could be used to convince a user that the intruder's web site was actually a web site that the user trusts and might provide sensitive information to.III. SolutionApply a patchApply the patch referenced in MS04-038.
References
Thanks to Microsoft for reporting this vulnerability. This document was written by Will Dormann, based on the information provided in the Microsoft Security Bulletin.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader