This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites).
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions.
If you are vulnerable you will see the flash intro of buctuong.com while the address bar is http://www.microsoft.com/ If you have a very fast connection you may change my flash application to a larger one to make loading time take longer.
This spoofing technique discovered and proved by
Hai Nam Luke
K46A – NEU, Hanoi
- XcodeGhost iOS Trojan Infected Over 4000 Apps
- WhatsApp Web vCard Vulnerability Exposed 200M Users
- Mimikatz – Gather Windows Credentials
- Zodiac – DNS Protocol Monitoring and Spoofing Tool
- Caller ID Spoofing to be Made Illegal in the USA
- IPFlood – Simple Firefox Add-on To Hide Your IP Address
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 231,692 views
- AJAX: Is your application secure enough? - 119,682 views
- eEye Launches 0-Day Exploit Tracker - 85,281 views