myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Internet Explorer 7 Window Injection Vulnerability

My settings are a little more secure than the IE 7 defaults.  So far, IE 7 has passed 2 of the 3 tests noted for IE 7 at Secunia.  The one area related to an Outlook Express vulnerability is not in the wild and would be mitigated through phishing controls and best practices. 

Secunia: Internet Explorer 7 Window Injection Vulnerability
http://secunia.com/advisories/22628/

QUOTE: A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites.  The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

TEST for vulnerabilities
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

MORE INFORMATION
http://msmvps.com/blogs/spywaresucks/archive/2006/10/30/228561.aspx

Published Oct 30 2006, 08:33 PM by hwaldron

Comments

 

myITforum Newsletters said:

myITforum Daily Newsletter Daily Newsletter October 31, 2006 The myITforum.com newsletter is delivered

October 31, 2006 8:01 AM

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems