[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Phishing using IE7 local resource vulnerability

To: avivra <avivra@xxxxxxxxx>
Subject: Re: [Full-disclosure] Phishing using IE7 local resource vulnerability
From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Date: Wed, 14 Mar 2007 20:10:04 +0000

quite cool, good work

On 3/14/07, avivra <avivra@xxxxxxxxx> wrote:
> Summary
> Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its
> local resources. In combination with a design flaw in this specific local
> resource it is possible for an attacker to easily conduct phishing attacks
> against IE7 users.
>
> Affected versions
> . Windows Vista - Internet Explorer 7.0
> . Windows XP - Internet Explorer 7.0
>
> Workaround / Suggestion
> Until Microsoft fixes this vulnerability, do not trust the "Navigation
> Canceled" page!
>
> Technical Details and Proof-of-Concept
> Can be found here:
> http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability
> .aspx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Phishing using IE7 local resource vulnerability
  - From: avivra

Prev by Date: [Full-disclosure] heee he
Next by Date: [Full-disclosure] [ GLSA 200703-13 ] SSH Communications Security's Secure Shell Server: SFTP privilege escalation
Previous by thread: [Full-disclosure] Phishing using IE7 local resource vulnerability
Next by thread: [Full-disclosure] heee he
Index(es):
- Date
- Thread