In-Reply-To: <40A90108.9000301@xxxxxxxxxxxx> I can't see this as vulnerability because its legal code I do something similar without using image map for my site to hide the affiliate tracking code. This is the code: <a onmouseover="window.status='http://www.the-url-you-see.com;return true" title="The Link" onmouseout="window.status='Whatever-you-like-here';return true" href='http://www.some-other-url.com'>The link</a> living example: http://lotdcrew.org/drunkteam_new/page/affiliates.php ------------------------------------------------ >Received: (qmail 26354 invoked from network); 17 May 2004 18:17:56 -0000 >Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27) > by mail.securityfocus.com with SMTP; 17 May 2004 18:17:56 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id B52342371D4; Mon, 17 May 2004 20:13:15 -0600 (MDT) >Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx> >List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx> >List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx> >Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx >Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx >Received: (qmail 11770 invoked from network); 17 May 2004 12:00:16 -0000 >Message-ID: <40A90108.9000301@xxxxxxxxxxxx> >Date: Mon, 17 May 2004 14:14:32 -0400 >From: Kurczaba Associates advisories <advisories@xxxxxxxxxxxx> >User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) >X-Accept-Language: en-us, en >MIME-Version: 1.0 >To: bugtraq@xxxxxxxxxxxxxxxxx >Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability >Content-Type: text/plain; charset=us-ascii; format=flowed >Content-Transfer-Encoding: 7bit > >Microsoft Internet Explorer ImageMap URL Spoof Vulnerability > >http://www.kurczaba.com/securityadvisories/0405132.htm >------------------------------------------------------------- > >Vulnerability ID Number: >0405132 > > >Overview: >A vulnerability has been found in Microsoft Internet Explorer. A >specially coded ImageMap can be used to spoof the URL displayed in the >lower, left hand corner of the browser. > > >Vendor: >Microsoft (http://www.microsoft.com) > > >Affected Systems/Configuration: >The versions affected by this vulnerability are Microsoft Internet >Explorer 5 and 6. > > >Vulnerability/Exploit: >An ImageMap can be used to spoof the URL displayed in the lower, left >hand of the browser. View the "Proof of Concept" example for details. > > >Workaround: >None so far. > > >Proof of Concept: >http://www.kurczaba.com/securityadvisories/0405132poc.htm > > >Date Discovered: >May 13, 2004 > > >Severity: >High > > >Credit: >Paul Kurczaba >Kurczaba Associates >http://www.kurczaba.com/ > > >
