In Internet Explorer 7 displays vulnerability

20th March 2007

In the Microsoft browser Internet Explorer version 7 vulnerability is found, which in theory can be used by intruders in phishing attacks. The gap was discovered by an Israeli specialist in computer security Aviv Raff. The problem relates to the features of the browser`s displaying the page with the message of error navcancl.htm. This page is stored on the local hard disk and is displayed on the screen if a user suddenly interrupts downloading site. The navcancl.htm, among other things, contains the link clicking on which one can begin the process of re-loading site. However, if a user clicks on the link, the attacker, under certain conditions, can make the browser display false information in the address bar. In other words,a dummy page address bar and the interface can be displayed, for example, some online payment system page. Thus, an attacker can steal confidential data on the victim, such as a bank account, credit cards, etc. The gap in Internet Explorer 7 reveals itself, with the browser is used on computers running under Windows XP and Windows Vista. Aviv Raff presented an example of code, which can use vulnerability. Microsoft Corporation, according to the InfoWorld is already informed of the problem, but the patch has not been released yet. Anyway, Microsoft stressed that there have not been any practical use of the vulnerability so far.