Secunia reports another Internet Explorer 7 flaw

By

Secunia today reported a new vulnerability in Internet Explorer 7 (IE7) that can be exploited during phishing attacks.


The vulnerability reporting firm said that an anonymous tip lead them to the vulnerability, which allows the browser to display a popup with a spoofed address bar that has special characters appended to the URL. The vulnerability makes it possible to only display a part of the address bar, which could potentially fool users into believing in the pop-up's credibility.
The hole is listed as a "less critical" vulnerability by Secunia, which has a demonstration of the vulnerability on its site.
According to Thomas Kristensen, Secunia CTO, it might be possible for the vigilant user to spot something that isn't quite right when a pop-up occurs, but he is worried about the danger to average users.
"This is the kind of spoofing vulnerabilities that (Microsoft) IE7 was supposed to be better at protecting against than its predecessor," said Kristensen. "Any user not wearing the paranoid glasses is easily fooled by this trick - despite the built-in anti-phishing mechanism being enabled."
Only in its first week since release, IE7 has already seen a pair of its vulnerabilities reported to the public. Just hours after the browser was first distributed, Secunia warned of an error in redirection handling for URLs with the mhtml: URI handler.
Click here to email Ericka Chickowski.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
anotherexplorerflawinternetreportssecuniasecurity

Sponsored Whitepapers

What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study
Greater Western Water's billing system data issues laid bare

Greater Western Water's billing system data issues laid bare
Microsoft plans full quantum-resistant cryptography transition by 2033

Microsoft plans full quantum-resistant cryptography transition by 2033
TPG Telecom reveals iiNet order management system breached

TPG Telecom reveals iiNet order management system breached
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?