Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 29th, 2008

MS Internet Explorer 7 Popup Window Address Bar Spoofing Vulnerability

Juan Pablo Lopez Yacubian reported that Internet Explorer 7 (also in all MS Vista versions) is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue by inserting strings to spoof the source address of a file presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source address of a trusted site while interacting with the attacker’s malicious site.

To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web document. The following example exploit is available:

Reports indicate that unspecified versions of Firefox are also prone to this issue, but that has not been confirmed.

Currently there are no vendor-supplied patches. If you are aware of a patch or more recent information, please comment.

Share this item with others:

More on CyberInsecure:
  • Address Spoofing Flaw Allows Google’s Chrome Websites Impersonation
  • Cross-Domain Vulnerability In Microsoft Internet Explorer 6
  • Carpet-bombing Vulnerability In Google Chrome New Browser
  • Apple Safari For Windows Critical Vulnerabilities
  • Basic Flaws Allow Phishing And Spamming Vulnerabilities In iPhone

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: MS Internet Explorer 7 Popup Window Address Bar Spoofing Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.