Help
Quote
There's a new spoofing vulnerability in Internet Explorer 7, one that could again be exploited by web criminals to perform phishing attacks. This time, the vulnerability is in a local resource file, "navcancl.htm", which is caused by an input validation error when generating a "Refresh the page" link.
...............
...............
The vulnerability remains unpatched, and Microsoft has yet to respond. In the meantime, make sure that you avoid browsing untrusted web sites. In the instance that you encounter the "Refresh the page" link, avoid clicking it. Instead, retype the address bar on your browser, press the browser's Refresh icon, or press F5.
Secunia has created a test that you can take to check if your browser is vulnerable:
Test Here
For more information on this vulnerability, you can read the whole Secunia advisory here:
http://secunia.com/advisories/24535/
...............
...............
The vulnerability remains unpatched, and Microsoft has yet to respond. In the meantime, make sure that you avoid browsing untrusted web sites. In the instance that you encounter the "Refresh the page" link, avoid clicking it. Instead, retype the address bar on your browser, press the browser's Refresh icon, or press F5.
Secunia has created a test that you can take to check if your browser is vulnerable:
Test Here
For more information on this vulnerability, you can read the whole Secunia advisory here:
http://secunia.com/advisories/24535/
Full topic : New Internet Explorer 7 Spoofing Vulnerability
This post has been edited by HIPPO1023: 16 March 2007 - 09:56 AM
Back to top
