Security firm Secunia said that the flaw lies in the way Internet Explorer handles failed page loadings. When a page fails to load or cannot be found, a default HTML file known as 'navcancl.htm' is normally displayed.
The page contains a message that the requested file could not be accessed along with a button that reloads the page.
The attack is carried out when a user visits an attacker's site. The site causes the 'navcancl' page to load and then manipulates the refresh button to redirect the user to a phishing site.
"While some may argue that such an attack requires too many steps, if you think about it, anyone who surfs the internet performs the same exact steps all the time: surf, fail to access the page, refresh," said Secunia technical writer Ina Ragragio.
The vulnerability is classified as 'less critical', the second of Secunia's five security alert levels.
A Microsoft spokesperson said the company is investigating the reports.
Microsoft and Secunia have not received any reports of attackers actively targeting the vulnerability.
_(37).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
_(39).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
