10/26/2006

IE7 spoofing bug pops-up

Filed under: — By Aviran Mordo @ 9:57 am

Security researchers have identified a pop-up address bar spoofing weakness in Microsoft’s newly released Internet Explorer 7 browser. The flaw, first reported by security notification firm Secunia, might lend itself to phishing attacks and remains currently unpatched.

The security bug creates a means for hackers to display a popup with partially spoofed address bar where a number of special characters have been appended to a URL. Only part of the address bar will be displayed, creating a possible mechanism to trick users into believing they are visiting a trusted site rather than one controlled by hackers.

The weakness has been confirmed to exist in IE7, running even on a fully patched Windows XP SP2 system. Secunia has constructed a demo designed to illustrate the flaw which can be found here.

Source: TheRegister

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress