Open Source Fixes to MS Products?

It sounds pretty silly, but it’s true: The latest nasty IE bug in which it’s possible to manipulate the URL line so that you’ll think you are on the payapl site etc, has been mended by a European company.

This article appeared at theage.com.au and was written by Sam Varghese.

An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information.

Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back.

The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.

In its advisory, issued along with the patch, Openwares.org said: “Successful exploitation (of this flaw) allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page.”

It gave the vulnerability a rating of 5 on a five-point scale.

Leave a Reply