Check Point Advisories

Internet Explorer Popup Title Bar Spoofing (CVE-2005-0500)

Check Point Reference: CPAI-2005-196
Date Published: 8 Mar 2010
Severity: High
Last Updated: Tuesday 31 December, 2024
Source:
Industry Reference: CVE-2005-0500
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Microsoft Internet Explorer is a popular, all-purpose browser bundled with the Microsoft Windows operating systems. Microsoft Internet Explorer (IE) 6 Service Pack 2 is a release with major security enhancements. One of the new security features is the way IE displays text in the title bar for script-initiated popup windows.

A vulnerability exists in the way Internet Explorer displays content in the title bar for script-initiated popup windows. With a DNS server that supports wildcard resolving, a trusted hostname can be displayed as the starting part of a malicious hostname in the popup window's title bar. This can be used to mislead a user into thinking that a trusted site is being visited, while the page is loaded with attacker-supplied content.

A second, related vulnerability exists in the way Internet Explorer displays content in the title bar for script-initiated popup windows. When the content of a title tag in HTML contains scheme content (i.e., "http://"), the text is displayed in the title bar. This can be used to mislead a user into thinking that a trusted site is being visited.

When the target opens a malicious link from the attacker, the target system pops up a window with new content. The malicious pop-up window does not have an address bar, so only the content of the title bar reveals information about the source of the content. Using either the domain name or the title tag vulnerability, a trusted URL may be spoofed in the title bar. The target user may be deceived into sending confidential information.
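The two title-bar conditions described above can be written as a defensive check over a popup's real URL and its title text. This is an added example, not Check Point's IPS logic or code from the advisory; the function names and the `TRUSTED_HOSTS` allowlist are hypothetical, and all hostnames are constructed from reserved example domains.

```javascript
// Added illustration; NOT Check Point's IPS signature logic.
// TRUSTED_HOSTS is a constructed allowlist using reserved example domains.
const TRUSTED_HOSTS = ["www.bank.example", "login.shop.example"];

// Condition 1: the serving hostname only *starts with* a trusted hostname,
// which is possible when the rest of the name sits in a wildcard DNS zone.
// Returns the trusted name being imitated, or null.
function hostnamePrefixSpoof(pageUrl, trusted = TRUSTED_HOSTS) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  return trusted.find(t => host !== t && host.startsWith(t + ".")) || null;
}

// Condition 2: the <title> text contains a URL (scheme present) whose host
// is not the host that actually served the page.
// Returns the host claimed in the title, or null.
function titleSchemeSpoof(pageUrl, title) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  const m = /\bhttps?:\/\/[^\s\/?#]+/i.exec(title);
  if (!m) return null;
  let claimed;
  try {
    claimed = new URL(m[0]).hostname.toLowerCase();
  } catch {
    return null; // not a parseable URL, nothing to compare
  }
  return claimed !== host ? claimed : null;
}

// Run both checks for one script-initiated popup.
function checkPopup(pageUrl, title) {
  const findings = [];
  const imitated = hostnamePrefixSpoof(pageUrl);
  if (imitated) findings.push({ rule: "trusted-host-prefix", trusted: imitated });
  const claimed = titleSchemeSpoof(pageUrl, title);
  if (claimed) findings.push({ rule: "title-claims-other-origin", claimed });
  return findings;
}
```
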

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections, find the Internet Explorer Popup Title Bar Spoofing protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Microsoft Internet Explorer popup title bar spoofing
