Internet Explorer 7 Window Injection Vulnerability
Monday, October 30, 2006 8:33 PM
My settings are a little more secure than the IE 7 defaults. So far, IE 7 has passed 2 of the 3 tests noted for IE 7 at Secunia. The one area related to an Outlook Express vulnerability is not in the wild and would be mitigated through phishing controls and best practices.
Secunia: Internet Explorer 7 Window Injection Vulnerability
QUOTE: A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
TEST for vulnerabilities