Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

http://www.kurczaba.com/securityadvisories/0405132.htm
-------------------------------------------------------------

Vulnerability ID Number:
0405132


Overview:
A vulnerability has been found in Microsoft Internet Explorer. A 
specially coded ImageMap can be used to spoof the URL displayed in the 
lower, left hand corner of the browser.


Vendor:
Microsoft (http://www.microsoft.com)


Affected Systems/Configuration:
The versions affected by this vulnerability are Microsoft Internet 
Explorer 5 and 6.


Vulnerability/Exploit:
An ImageMap can be used to spoof the URL displayed in the lower, left 
hand of the browser. View the "Proof of Concept" example for details.


Workaround:
None so far.


Proof of Concept:
http://www.kurczaba.com/securityadvisories/0405132poc.htm


Date Discovered:
May 13, 2004


Severity:
High


Credit:
Paul Kurczaba
Kurczaba Associates
http://www.kurczaba.com/