Posted on 12/19/2003 6:04:04 AM PST by ShadowAce
An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information.
Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back.
The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.
In its advisory, issued along with the patch, Openwares.org said: "Successful exploitation (of this flaw) allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page."
It gave the vulnerability a rating of 5 on a five-point scale.
While Microsoft has released an article providing details about the vulnerability, the company is yet to provide a patch.
The flaw was disclosed on December 9 by graphic designer Sam Greenhalgh.
Thank you.
A perfect example of jumping the gun, IMHO.
See the updated piece at The Register.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.