Dynaverse.net

Off Topic => Ten Forward => Topic started by: Sethan on October 30, 2004, 06:47:31 pm

Title: NEW Internet Explorer Exploit
Post by: Sethan on October 30, 2004, 06:47:31 pm

Careful on this one folks - if you use Internet Explorer, and are not running AT LEAST WinXP SP2, this one can get you, no matter how updated your Internet Explorer is.

The following link is a 'proof of concept' for the exploit.

http://graha.ms/iesploit.html

If you go to it, you will see a 'Click Here' link - which when you put your mouse over it, shows http://www.microsoft.com in the status bar.  However, the link ACTUALLY takes you to http://www.google.com.

Safari (another browser) is also affected, but Firefox is not.

If you use IE, and are not at least WinXP SP2, it is time to start typing in your URLs by hand unless you know and trust the site you are clicking from.

Title: Re: NEW Internet Explorer Exploit
Post by: Hale on October 31, 2004, 02:32:26 pm

Speaking of IE and SP2, its blocking popups from my router and I can't see them (the 'click here' doesn't work for some reason).   Anyway I can turn that off for just that one, local, IP without fooling with anything else?

Thanks!

Title: Re: NEW Internet Explorer Exploit
Post by: Javora on November 01, 2004, 12:18:44 pm

Nice catch Sethan, I'm starting to like Mozilla more and more with each passing day.  I wonder how long Micro$oft will take to come up with a patch for this one.   ::)