Third flaw found in IE7

Secunia issues new alert as flaw number three is found in Microsoft's new browser

Microsoft's new browser Internet Explorer 7 (IE7) has had a third flaw identified barely a week after the code was released.

The flaw was identified over the weekend by researcher Per Gravgaard and allows a hacker to subvert legitimate web sites. By crafting special code, a hacker can spoof legitimate online sites with their own web pages.

"The problem is that a website can inject content into another site's window if the target name of the window is known," warns the advisory.

"This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website."

The problem arises in the way the browser handles pop-up pages. Using the flaw, a hacker could choose a legitimate pop-up URL and, when it opened, overlay new web copy in the window, which could be used to harvest the target's personal details.
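As an added example (not from the advisory or this article), here is a check a site owner could run to list the pop-up window names a page hard-codes, since those are the names another site can learn by reading the page source. The sample markup, window names and URLs are constructed for illustration.

```javascript
// Added example: list the fixed window names a page uses for pop-ups.
// SAMPLE_PAGE is constructed; its names and URLs are hypothetical.
const SAMPLE_PAGE = `
<a href="/help" target="_blank">Help</a>
<a href="/login" target="loginWindow">Sign in</a>
<script>
  window.open('/statement', 'stmtPopup', 'width=400,height=300');
  window.open('/news', '_blank');
  window.open('/chat', 'chat_' + sessionNonce);
</script>
<form action="/pay" target='payFrame'></form>
`;

// Reserved targets do not give a window a name another page could address.
const RESERVED = new Set(['_blank', '_self', '_parent', '_top', '']);

function findFixedWindowNames(html) {
  const findings = [];
  // target="name" on links, forms and similar elements
  const attrRe = /\btarget\s*=\s*(["'])(.*?)\1/gi;
  // window.open(url, 'name') where the name is one complete string literal;
  // names built at run time (e.g. 'chat_' + nonce) are not reported
  const openRe = /\bwindow\.open\s*\(\s*[^,()]+,\s*(["'])([^"']*)\1\s*[,)]/g;
  const passes = [[attrRe, 'target attribute'], [openRe, 'window.open']];
  for (const [re, source] of passes) {
    for (const m of html.matchAll(re)) {
      const name = m[2];
      if (RESERVED.has(name.toLowerCase())) continue;
      findings.push({ name, source, index: m.index });
    }
  }
  // Report in document order
  return findings.sort((a, b) => a.index - b.index);
}

for (const f of findFixedWindowNames(SAMPLE_PAGE)) {
  console.log(`${f.source}: fixed window name "${f.name}" at offset ${f.index}`);
}
```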

IE7 should be able to defeat this kind of attack as it displays the current URL of any pop-up, unlike earlier versions of the browser. But when used in conjunction with the second flaw found in the browser, a combination attack can fool IE7 users.

The first security flaw in IE7 was found within days of its release, but Microsoft has disputed this, claiming the problem is not with IE7 but with other applications using the browser.
