###########################################
IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
Vendor page: www.microsoft.com
Advisore:http://lostmon.blogspot.com/
2009/03/ie8-beta-rc1-resieframedllacrerrorhtm.html
vendor notify:yes exploit available:yes
############################################
Internet explorer 8 has a flaw that allows remote users to
spooff the domain name in 'ieframe.dll' wen is set to
'acr_error.htm' in res: uri handler a remote user can
compose a Bad link thats shows in domain name for example
google.com , but wen click in the link it goes to other
site (spooffing)
#################
Proof of concept
#################
..:[-IE8 res://ieframe.dll/acr_error.htm Domain name Spoff
-]:..
#######################################
Thnx To estrella to be my ligth
Thnx to all Lostmon Team
---------- Forwarded message ----------
From: Lostmon lords
Date: 2009/3/4
Subject: ie8 spooff the domain name in ieframe.dll wen is set to
acr_error.htm in res: uri handler
To: Microsoft Security Response Center
Hello
Internet explorer 8 has a flaw that allows remote users to spooff the domain
name in ieframe.dll wen is set to acr_error.htm in res: uri handler
a remote user can compose a malicious link thats shows in domain name for
example google.com , but wen click in the link it goes to other site
(spooff)
res://ieframe.dll/acr_error.htm#[trusted domain],[attackers site]
see attached file as a PoC.
res://ieframe.dll/acr_error.htm
I test it in windows 2003 and winxp pro&home with ie 7 and it does not work
it apears that its affects only IE8
Thnx for your time !!!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....