Second flaw in IE7, claimes security firm Secunia
Microsoft has already responded to the news of a bug
26 October 2006 12:01 GMT / By Amber Maitland
Subscribe to RSS feeds
Create PDF of this article
Share this article
Save this article
Email this article
Print this article
Software homepage
The flaw lets hackers put a fake web address in a pop-up window, and could trick users into downloading from what looks like a secure website. The hacker can add special characters to the end of the web address so that only a part of the URL is displayed.
Microsoft's Christopher Budd has quickly posted an entry to the Security Response Center Blog, agreeing that there is an “issue with how URLs are displayed in the address bar. Specifically, we've seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted email”.
He explains further: “Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar”.
The flaw is rated as “less critical” by Secunia, and Budd writes that Microsoft isn't aware of any attacks exploiting this flaw, but that the team is keeping an eye on it. He uses the rest of the entry to explain Microsoft's Anti-Phishing filter in IE7 and how it can protect against attacks exploiting flaws like the one Secunia has found.
-
COMMENT
VIDEO: Megawhat Week In View
-
PHONES
Nokia Prepping Android Phone
-
PHONES
SE "Rachael" Android Handset Leaks
Comments