CVE-2007-3092 Information

Description

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar and page properties including SSL certificates by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://lcamtuf.coredump.cx/ietrap2/ http://osvdb.org/45437 http://secunia.com/advisories/25564 http://securityreason.com/securityalert/2781 http://securitytracker.com/id?1018193 http://www.securityfocus.com/archive/1/470446/100/0/threaded http://www.securityfocus.com/bid/24298 https://exchange.xforce.ibmcloud.com/vulnerabilities/34705 ie-location-url-spoofing(34705)