Friday, February 23, 2007 9:08 AM cmosby

On the forums: IE 7 - New address bar spoofing vulnerability

 

This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people.
Internet Explorer 7 "onunload" Event Spoofing Vulnerability
http://secunia.com/advisories/23014/
http://msmvps.com/blogs/spywaresucks/archive/2007/02/23/611544.aspx

quote:
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.

_____________________________

Harry Waldron - Security News & Best Practices Blog

Source: IE 7 - New address bar spoofing vulnerability

Filed under: , , , ,

Comments

No Comments