New Internet Explorer hole found

— 9:38 AM on April 7, 2006

A new vulnerability in Internet Explorer has been uncovered that could cause users to fall for phishing scams. Secunia, the security company that uncovered the hole earlier this week, describes it like this:

The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.

The security company set up a test page that displays content from the Secunia site with "" in the address bar on vulnerable browsers. So far, both the latest version of Internet Explorer 6.0 and the new Internet Explorer 7.0 Beta are vulnerable, although Secunia says previous versions "may also be affected." This news comes while Microsoft has yet to release a fix for an earlier "highly critical" IE vulnerability which allows remote code execution on versions of Internet Explorer prior to the latest IE7 Beta. A cumulative patch for that vulnerability is expected on April 11, but no date is known for a potential fix to the phishing hole.