[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6905b1570703141310y73699846nf0eed602d332ad00@mail.gmail.com>
Date: Wed, 14 Mar 2007 20:10:04 +0000
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: avivra <avivra@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
exploits@...testar.linuxbox.org
Subject: Re: Phishing using IE7 local resource
vulnerability
quite cool, good work
On 3/14/07, avivra <avivra@...il.com> wrote:
> Summary
> Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its
> local resources. In combination with a design flaw in this specific local
> resource it is possible for an attacker to easily conduct phishing attacks
> against IE7 users.
>
> Affected versions
> . Windows Vista - Internet Explorer 7.0
> . Windows XP - Internet Explorer 7.0
>
> Workaround / Suggestion
> Until Microsoft fixes this vulnerability, do not trust the "Navigation
> Canceled" page!
>
> Technical Details and Proof-of-Concept
> Can be found here:
> http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability
> .aspx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists