IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victims click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Powersc | Ibm | 1.3 (including) | 1.3 (including) |
| Powersc | Ibm | 2.0 (including) | 2.0 (including) |
| Powersc | Ibm | 2.1 (including) | 2.1 (including) |
If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event. UI misrepresentation can take many forms: