A security researcher has developed an interesting new class of attacks that exploit the problems caused by organizations using non-routable IP address space on their internal networks. The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same IP space. Even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software. In one of the scenarios, an attacker is able to force a VPN user to connect to an attacker-controlled network instead of the user s own corporate intranet.
Source: https://threatpost.com/new-attack-class-exploits-intranet-weaknesses-061009/72806/