Internet Explorer Cross-Site Scripting Vulnerability Test
Introduction
Paul has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct sophisticated cross-site scripting attacks against any web site.
Please see the test below for an example of how this vulnerability can be exploited.
Test Case / Demonstration
Click the link below to test whether your system is vulnerable. The test will open a new window in which the address bar shows "https://www.paypal.com/", but the page is actually displaying content from Secunia.
Please note: If you wish to run the test multiple times, then please refresh this page before each test.
Result
You are vulnerable if a new window opens displaying a Secunia page while the address bar displays "https://www.paypal.com/".
Credits
The vulnerability was initially discovered by Liu Die Yu.
This demonstration is based on research and PoC from paul (Greyhats).
What should you do?
Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisory will be updated when the vendor issues patches.