Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Internet Explorer 7 Spoofing Vulnerability


  • Please log in to reply
No replies to this topic

#1 HIPPO1023

HIPPO1023

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 16 March 2007 - 09:51 AM

From : Secunia "Security Watchdog" Blog

There's a new spoofing vulnerability in Internet Explorer 7, one that could again be exploited by web criminals to perform phishing attacks. This time, the vulnerability is in a local resource file, "navcancl.htm", which is caused by an input validation error when generating a "Refresh the page" link.

...............
...............

The vulnerability remains unpatched, and Microsoft has yet to respond. In the meantime, make sure that you avoid browsing untrusted web sites. In the instance that you encounter the "Refresh the page" link, avoid clicking it. Instead, retype the address bar on your browser, press the browser's Refresh icon, or press F5.

Secunia has created a test that you can take to check if your browser is vulnerable:
Test Here

For more information on this vulnerability, you can read the whole Secunia advisory here:
http://secunia.com/advisories/24535/


Full topic : New Internet Explorer 7 Spoofing Vulnerability

Edited by HIPPO1023, 16 March 2007 - 09:56 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users