Internet Explorer 7 "onunload" Event Spoofing Vulnerability
A vulnerability in Internet Explorer 7 can be exploited by a malicious website to spoof the address bar.
The vulnerability is caused by an error in Internet Explorer 7's handling of "onunload" events, which enables a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if, for example, the user manually enters a new website in the address bar, which is commonly recommended as a best practice.
The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.
Solution:
Close all browser windows after visiting untrusted websites.