Under IE 6.0.2900.2180, this does not occur as you describe. If the mouse pointer is pointed to the edge around the link, "http://www.microsoft.com"; is displayed, but when the pointer is directly over the link, "http://www.google.com"; is correctly displayed. On Thu, 28 Oct 2004 23:38:16 +0200, 0-1-2-3@xxxxxx <0-1-2-3@xxxxxx> wrote: > New URL spoofing bug in Microsoft Internet Explorer > > There is a security bug in Internet Explorer 6.0.2800.1106 (fully patched), > which allowes to show any faked target-address in the status bar of the > window. > > The example below will display a faked URL ("http://www.microsoft.com/";) in > the status bar of the window, if you move your mouse over the link. Click > on the link and IE will go to "http://www.google.com/"; and NOT to > "http://www.microsoft.com/"; . > > <a href="http://www.microsoft.com/";><table><tr><td><a > href="http://www.google.com/";>Click here</td></tr></table></a> > > Description: Microsoft Internet Explorer can't handle links surrounded by a > table and an other link correct. > > The bug can be exploited using HTML mail message too. > > Affected software: Microsoft Internet Explorer, Microsoft Outlook Express, > ... > > Workaround: Don't click on non-trusted links. Or right-click on links to > see the real target. Or use Copy-and-Paste. > > Regards, > Benjamin Tobias Franz > Germany > >
