Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Internet Explorer 7 Cross-Site Scripting Vulnerability

Secunia has created a test page for this new vulnerability, which could be used in phishing attacks. Exploitation requires the user to hit the REFRESH button when navigation is cancelled, which is what triggers the cross-site scripting to another site.

Internet Explorer 7 Cross-Site Scripting Vulnerability
http://secunia.com/advisories/24535/
http://www.frsirt.com/english/advisories/2007/0946

QUOTE: A weakness has been identified in Microsoft Internet Explorer 7, which could be exploited by malicious websites to conduct spoofing or phishing attacks. This issue is due to an input validation error in the resource page "res://ieframe.dll/navcancl.htm" when generating the "Refresh the page" link in order to reload a site, which could be exploited by attackers to spoof the displayed address bar by tricking a user into clicking on the "Refresh the page" link while visiting a malicious web page.
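A defensive check based on the advisory quoted above, added here as an example that is not part of the original post or of either advisory: a Python scan that flags markup in web content pointing at the internal resource page `res://ieframe.dll/navcancl.htm`, which an ordinary site has no reason to link to. The function names, the attribute list and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Resource page named in the advisory quoted above.
TARGET = "res://ieframe.dll/navcancl.htm"
# Attributes that can carry a URL (assumed list, extend as needed).
URL_ATTRS = {"href", "src", "action", "data"}


def normalize(url):
    """Percent-decode, drop whitespace/control characters, lowercase, unify slashes."""
    decoded = unquote(url)
    cleaned = "".join(ch for ch in decoded if ch > " ")
    return cleaned.lower().replace("\\", "/")


class NavCancelLinkFinder(HTMLParser):
    """Collects (line, tag, attribute, raw value) for links to the resource page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # The parser has already decoded HTML character references in values.
        for name, value in attrs:
            if name in URL_ATTRS and value and normalize(value).startswith(TARGET):
                line, _ = self.getpos()
                self.hits.append((line, tag, name, value))


def find_navcancl_links(html):
    finder = NavCancelLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page: two obfuscated references, two benign links.
SAMPLE = """<html><body>
<a href="http://example.test/news">ordinary link</a>
<a href="RES://ieframe.dll/NavCancl.htm#placeholder">mixed case</a>
<iframe src="res:&#47;&#47;ieframe.dll/navcancl%2Ehtm"></iframe>
<a href="res://ieframe.dll/other.htm">different resource</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, value in find_navcancl_links(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}>")
```

The scan deliberately over-matches on encoded and mixed-case variants, since a false positive on this URL is cheap to review.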