Cross Site Scripting and Phishing Flaws in Microsoft IE 7

Aviv Raff, an Israeli vulnerability boffin, has discovered flaw in IE (Internet Explorer) 7 that can be exploited by nasty people to relay phishing attacks, reported secuobs on March 15, 2007. Microsoft is checking his findings.

The vulnerability is troubling for both Microsoft and businesses and individual users whose livings rely on being able to carry out safe financial transactions.

A security hole has been discovered in Microsoft IE 7 that could be abused by malevolent Websites to carry out phishing attacks or spoofing. The problem is due to an input validation error in "res://ieframe.dll/navcancl.htm" (it's a the resource page) when generating the "Refresh the page" link to reload a Website. Hackers can exploit it to mock the shown address bar by duping a user into clicking the link "Refresh the page" while visiting a malevolent web page.

Raff informed that IE7 operating on Windows XP and Vista is vulnerable to cross-site scripting strikes. This, coupled with design vulnerability in the browser, could let the digital criminals to launch phishing attacks against users. He called it a serious flaw as it allows an attacker to take advantage of a user's system without creating a spoofed URL. The user will get to see the authentic URL in the address bar and the bogus content by the hacker, as reported on March 16, 2007 by searchsecurity.techtarget.

Raff informed that the bug could be abused to launch a phishing strike if the users want to connect to, for example, an e-commerce, banking, or social networking Website. However, one can't take advantage of the flaw to implement remote code, added Raff.

Microsoft is looking into the matter and will provide guidance to users as necessary. It had no information of any users being affected, told a spokesperson from Secunia to SCMagazine.com in an e-mail on March 16, 2007 as reported by scmagazine.

The solution for the problem is not to follow the links from unknown sources. Secunia recommended not to click on the link "Refresh the page" when "Navigation Canceled" page is shown.

Secunia advised that users should validate all advisories they get by clicking on the link. A company does not send any files attached with advisories. Secunia said that users should not install patched from any third party, but only those supplied by a vendor.

Related article: Crooks Causing Spam Deluge In Australia

» SPAMfighter News - 3/29/2007