Two Vulnerabilities in IE

A new vulnerability was found in IE 6, but it doesn't affect IE 7. However, a new vulnerability was also found in IE 7 that can lead to content spoofing.

According to a report by Secunia, the IE 7 problem makes it possible "for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website."

As for the vulnerability in IE 6, "is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user's browser session in context of the trusted site." The immediately solution is to upgrade to IE 7.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish