IE 7.0 Vulnerable to Address Bar Spoofing

IE 7.0 Vulnerable to Address Bar Spoofing Secunia reports that an anonymous person discovered that it's possible to partially spoof the Microsoft Internet Explorer (IE) 7.0 Address bar in a pop-up window, which might lead to phishing attacks. When showing an address with special characters, the Address bar might display incorrect or incomplete information to the user that tricks the user into unintended actions. Microsoft is aware of the problem, however no patch is available at this time. A workaround suggested by the United States Computer Emergency Readiness Team (US-CERT) is to disable Active Scripting in the Internet Zone. http://secunia.com/advisories/22542/ http://www.kb.cert.org/vuls/id/347188

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish