Internet Explorer 7 "onunload" Event Spoofing Vulnerability

  • Question

  • Internet Explorer 7 "onunload" Event Spoofing Vulnerability

    A vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar.

    The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.

    The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.

    Close all browser windows after visiting untrusted websites.

    Wednesday, March 7, 2007 5:46 AM