Third flaw found in IE7
By Iain Thomson,
Microsoft's new browser Internet Explorer 7 (IE7) has had a third flaw identified barely a week after the code was released.
The flaw was identified over the weekend by researchers Per Gravgaard and allows a hacker to subvert legitimate web sites. By crafting special code a hacker can spoof legitimate online sites with their own web pages.
"The problem is that a website can inject content into another site's window if the target name of the window is known," warns the advisory.
"This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website."
The problem arises in the way the browser handles pop-up pages. Using the flaw a hacker could choose a legitimate pop-up URL and when it opened overlay new web copy in the window, which could be used to harvest the target's personal details.
IE7 should be able to defeat this kind of attack as it displays the current URL of any pop-up, unlike earlier versions of the browser. But, when used in conjunction with the second flaw found in the browser a combination attack can fool IE7 users.
The first security flaw in IE7 was found within days of its release, but Microsoft has disputed this, claiming the problem is not with IE7 but with other applications using the browser.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Networking Analysis & Insight
Bring you own device: the $600 question
Inside the enterprise: A recent Cisco report claims bring your own device is gaining support from IT departments. But how much are staff willing to invest in personal technology?
- Interop 2012: Q&A, Saar Gillai, CTO, HP Networking
- Is BT the key to broadband Britain?
- Tencent: the biggest web company you’ve never heard of
- The truth about spam
- Have ISPs finally lost the DEA fight?
- Are you ready to launch IPv6 securely?
- Broadband, pricing and small businesses
- Welcome to the stay-at-home Olympics
- Q&A: Cisco on servers, storage and strategy
Latest Networking Reviews
HP t410 All-in-One Thin Client review: First look
- Swyx SwyxExpress X20 review
- Ipswitch WhatsUp Gold Premium 15
- ForeScout Technologies CounterACT 6.3.4
- ThinPrint Printer Dashboard review: First Look
- TITUS Aware for Microsoft Outlook review
- Windows Phone 7 Mango review: First Look
- Dartware InterMapper review
- Kemp Technologies LoadMaster 3600 review
- Sangfor WANACC M5500 review
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
PlayRegister for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
