Bug Spoofs Internet Explorer Addresses

Yet another vulnerability pops up in Internet Explorer -- this one affecting how the browser loads Flash files, which use the ".swf" extension

April 4, 2006

1 Min Read
Network Computing logo

Microsoft's Internet Explorer, already stunned with a bug currently being used by hackers to infect PCs with spyware, suffers from yet another vulnerability, a researcher said Tuesday.

The bug affects how the browser loads Flash files, which use the ".swf" extension. Attackers can use a Flash file to spoof the address bar in IE to disguise the true URL of the site being viewed. Address bar spoofing is a long-time phishing tactic that's used to masquerade the bogus URL.

(Oddly enough, recent research by a trio from Harvard and Berkeley shows that few surfers use the browser address bar to detect fake sites.)

Danish vulnerability tracker Secunia rated the IE spoof as "less critical," in part because the name of the Flash file appears in the browser window.

To protect against such a spoof, Secunia recommended that users disable IE's Active Scripting feature, advice also given by Microsoft to deflect attacks exploiting the createTextRange vulnerability that the Redmond, Wash. developer promised would be patched no later than April 11.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights