 Internet Explorer 7 Frame Location Handling Vulnerability |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post. - BleepingComputer Management |
  |
 Jun 30 2008, 12:14 PM
Post
#1
|
|
 Bleepin' Janitor  Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513  |
QUOTE sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks. secunia.com/advisoriesThe problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website...The vulnerability is confirmed in IE7 US-CERT: Vulnerability Note VU#516627 QUOTE This vulnerability can be mitigated by disabling Active Scripting in the Internet Zone, as specified in the Securing Your Web Browser -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2008  |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 23rd November 2008 - 08:13 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.