The vulnerability was first discovered two years ago in Microsoft's Internet Explorer 6 (IE6), according to Secunia. Microsoft, however, denied that the issue is a vulnerability.
An attacker can exploit the flaw by using a malicious website to inject content into a trusted site's pop-up window if the pop-up's target name is known. The attacker can then spoof the content of a pop-up window that had been opened on a trusted site.
Thomas Kristensen, Secunia CTO, said today that IE7 is vulnerable in its default configuration to such an exploit.
"This issue could be fixed in IE6 by setting the ‘navigate sub-frames across different domains' to disable. This setting is now disabled by default in IE7, but this does not appear to have any effect," he said. "The problem is that it is possible for a malicious website to inject new content into a pop-up window, which has been opened by a trusted site. This will trick many users and cause the user to believe that the content is served from the trusted site."
A company spokesperson said today that Redmond has investigated reports of the flaw and determined that it is not a vulnerability.
"The report describes a by-design behavior in popular web browsers that allows a website to open or re-use a pop-up window," the spokesperson said.
The spokesperson also recommended that PC users verify HTTPS before typing personal information into a pop-up window.
Secunia last week reported a vulnerability in IE7 that could be exploited during phishing attacks.
Just hours after IE7 was released, researchers warned of a flaw in redirection handling for URLs with the mhtml: URI handler. Microsoft and Secunia had disagreed on that flaw as well, with Redmond contending that the issue was actually located within Outlook Express and not IE7.
Secunia, Microsoft disagree on another reported Internet Explorer 7 flaw
By Frank Washkuch on Oct 30, 2006 5:12PM