Spoofing vulnerability patch
If you’re worried about the URL spoofing vulnerability in Internet Explorer, worry no more – but not because of anything Microsoft has done.
"No patch has been released to fix the flaw" but an article, "details ways in which a user can ascertain the URL of a site which he or she is visiting," says Micro$oft here.
But that’s OK because, giving the flaw 5 on a five-point scale, open source firm Openwares.org has released a patch and set up two pages – one with a fake Microsoft Update example and the other an example of a fake PayPal site – so users can see if they’re vulnerable to the exploit.
"Successful exploitation allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page," says Openwares.org.
The flaw was disclosed on December 9 by graphic designer Sam Greenhalgh.
