Secunia claims another IE7 vulnerability

Danish security firm Secunia claims that another weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.

Last week, Secunia found an Outlook Express vulnerability that could exploit IE7 when users visited a malicious website.

According to Secunia, the latest problem is a vulnerability that allows the URL shown in the address bar to be spoofed.

"The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," the Secunia advisory reads.

Secunia has constructed a demonstration, which is available at the following address, and says in its advisory that the weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.

"These are the kind of spoofing vulnerabilities, which IE7 was supposed to be better at protecting against than its predecessor," said Secunia chief technology officer, Thomas Kristensen, in an email to iTWire.

"While the issue isn't clear cut since the vigilant (paranoid?) user might be able to spot that something isn't quite right, then any user not wearing the paranoid glasses is easily fooled by this trick - despite the built-in anti-phishing mechanism being enabled," Kristensen added.
