Wednesday, October 25, 2006

Secunia Reports Another IE7 Flaw

Ericka Chickowski writes on SC Magazine Online:

Secunia today reported a new vulnerability in Internet Explorer 7 (IE7) that can be exploited to conduct phishing attacks.

The vulnerability reporting firm said that an anonymous tip lead them to the vulnerability, which allows the browser to display a popup with a spoofed address bar that has special characters appended to the URL. The vulnerability makes it possible to only display a part of the address bar, which could potentially fool users into believing in the pop-up's credibility.

The hole is listed as a "Less Critical" vulnerability by Secunia, which has a demonstration of the vulnerability on its site. According to Thomas Kristensen of Secunia, it might be possible for the vigilant user to spot something that isn't quite right when a pop-up occurs but he is worried about the danger to average users.

More here.

0 Comments:

Post a Comment

<< Home