There's a new spoofing vulnerability in Internet Explorer 7, one that could again be exploited by web criminals to perform phishing attacks. This time, the vulnerability is in a local resource file, "navcancl.htm", which is caused by an input validation error when generating a "Refresh the page" link.
The vulnerability remains unpatched, and Microsoft has yet to respond. In the meantime, make sure that you avoid browsing untrusted web sites. In the instance that you encounter the "Refresh the page" link, avoid clicking it. Instead, retype the address bar on your browser, press the browser's Refresh icon, or press F5.
Secunia has created a test that you can take to check if your browser is vulnerable:
For more information on this vulnerability, you can read the whole Secunia advisory here:
Full topic : New Internet Explorer 7 Spoofing Vulnerability
Edited by HIPPO1023, 16 March 2007 - 09:56 AM.