TITLE: Internet Explorer 7 Window Injection Vulnerability SECUNIA ADVISORY ID: SA22628
VERIFY ADVISORY: http://secunia.com/advisories/22628/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 7.x http://secunia.com/product/12366/ DESCRIPTION: A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. This is related to: SA13251 Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ The vulnerability has been confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. SOLUTION: Do not browse untrusted sites while browsing trusted sites. OTHER REFERENCES: SA13251: http://secunia.com/advisories/13251/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
