PT-2006-3345 · Microsoft · Internet Explorer

Hoshikuzu Star_Dust +1 · Published 2006-06-13 · Updated 2021-07-23 · CVE-2006-2384

CVSS v2.0

4.3 Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier

Description

A spoofing issue exists that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites, but the content of the window contains the attacker's Web page. This can be used to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site.

Recommendations

For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier, consider disabling the use of modal browser windows until a patch is available. Restrict access to untrusted Web sites to minimize the risk of exploitation. Avoid using the address bar as the sole means of verifying the authenticity of a Web site until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2006-2384

Affected Products

Internet Explorer