Microsoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website.
Microsoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This improper navigation handling could cause IE to display an incorrect URL in the Address bar. As a result, a web site operator could make it appear that the content from his or her web site actually originated from another site when, in fact, it did not.
This vulnerability could be used to convince a user that the intruder's web site was actually a web site that the user trusts and might provide sensitive information to.
Apply a patch
Apply the patch referenced in MS04-038.
Thanks to Microsoft for reporting this vulnerability.
|Date First Published:||2004-10-13|
|Date Last Updated:||2004-10-15 20:37 UTC|