• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IE SSL Spoofing Vulnerability

MSIE contains a vulnerability which may permit malicious webmasters to place an arbitrary value in the address bar. Malicious webmasters may exploit this vulnerability to create realistic looking 'spoofed' websites, with addresses other than the real one in the location bar. In addition, certain modifications to the web page could give the appearance an SSL session has been invoked, which would deter a visitor from questioning the validity of the site.

Unfortunately, no other technical details have been provided.