Secunia Advisory: SA30851
Release Date: 2008-06-26
Critical: Moderately critical
Impact: Security Bypass
Spoofing
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 7.x
Description:
sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website.
This may be a variant of:
SA11966
The vulnerability is confirmed in IE7. Other versions may also be affected.
Solution:
Do not visit or follow links from untrusted websites.
Bollettino Secunia
Release Date: 2008-06-26
Critical: Moderately critical
Impact: Security Bypass
Spoofing
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 7.x
Description:
sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website.
This may be a variant of:
SA11966
The vulnerability is confirmed in IE7. Other versions may also be affected.
Solution:
Do not visit or follow links from untrusted websites.
Bollettino Secunia