Another IE 7 Bug Made An Appearance
Secunia, the security firm, last week discovered a vulnerability in Outlook Express that could take advantage of IE 7 when a user visits a malicious website. According to Secunia, the recent problem involves a weakness that allows spoofing of the URL in the address bar.
The bug permits hackers to display a bogus Web address in one of the browser's pop-up windows. It can be used to trick the victim into accidentally downloading something from what appeared to be an authentic website.
Thomas Kristensen, CTO of Secunia, said that a vigilant user might notice that something is not right when the pop-up window appears, but he was worried about average users. He said further that Microsoft IE 7 was believed to protect against this vulnerability better than its predecessor. Despite the presence of anti-phishing software, this trick can fool any user who is not vigilant.
A representative from Microsoft said in an email that the problem is with how Web addresses are shown in the address bar of IE 7. He wrote that a hacker could exploit the problem by tricking a potential victim into clicking on a specially formatted link.
Microsoft said that the left part of the Web address would be blocked by the pop-up. However, clicking on the browser window or the address bar and scrolling within it would display the complete URL.
Microsoft said that if a site is part of a phishing scam, then an attack on the site fails. The phishing shield of IE 7 will recognize such websites and alert users. The company said that it has no information about attacks that actually employ the reported vulnerability.
Microsoft reported that it will look to address the issue and may come out with a patch to fix the problem. The company criticized the unknown disclosure of the vulnerability. Microsoft said that it prefers security issues to be disclosed privately so that it can fix them before the public comes to know about them.
» SPAMfighter News - 28-10-2006