Internet Explorer 7 Window Injection Vulnerability

Posted on Wednesday, November 01, 2006 @ 02:08:25 CET in Security
by Raven

SECUNIA ADVISORY ID: SA22628

VERIFY ADVISORY: http://secunia.com/advisories/22628/

CRITICAL: Moderately critical

IMPACT: Spoofing

WHERE: >From remote

SOFTWARE: Microsoft Internet Explorer 7.x - http://secunia.com/product/12366/

DESCRIPTION: A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

This is related to: SA13251. Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ . The vulnerability has been confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2.

SOLUTION: Do not browse untrusted sites while browsing trusted sites.

PROVIDED AND/OR DISCOVERED BY: Originally discovered by: Secunia Research

Reported in Internet Explorer 7 by: Per Gravgaard

OTHER REFERENCES: SA13251: http://secunia.com/advisories/13251/
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 373,442,881
  • Today: 48,906
Server InfoServer Info
  • Dec 16, 2018
  • 11:53 pm CET