All the latest UK technology news, reviews and analysis

Internet Explorer flaw leads to phishing attack

by Shaun Nichols

More from this author

19 Mar 2007

Be the first to comment

  • Tweet this
Internet Explorer
The flaw lies in the way Internet Explorer handles failed page loadings

A newly uncovered vulnerability in Microsoft's Internet Explorer could allow attackers to launch a phishing attack. 

Security firm Secunia said that the flaw lies in the way Internet Explorer handles failed page loadings. When a page fails to load or cannot be found, a default HTML file known as 'navcancl.htm' is normally displayed. 

Further reading

The page contains a message that the requested file could not be accessed along with a button that reloads the page.

The attack is carried out when a user visits an attacker's site. The site causes the 'navcancl' page to load and then manipulates the refresh button to redirect the user to a phishing site.

"While some may argue that such an attack requires too many steps, if you think about it, anyone who surfs the internet performs the same exact steps all the time: surf, fail to access the page, refresh," said Secunia technical writer Ina Ragragio.

The vulnerability is classified as 'less critical', the second of Secunia's five security alert levels.

A Microsoft spokesperson told vnunet.com that the company is investigating the reports. 

Microsoft and Secunia have not received any reports of attackers actively targeting the vulnerability.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Salesforce.com Tech/Func Consultants, £50-70K + Bens, UK

Salesforce.com Consultants, both Functional or Technical...

Enterprise Data Architect - £95k

Enterprise Data Architect required by reputable Banking...

BI Developer / Data warehousing Developer - SSAS, SSRS

SSIS, SSAS, MDX, OLAP, OLTP, Data Warehousing, Data Modelling...

Senior Network Engineer

Specialist IT service provider is looking to recruit...

To send to more than one email address, simply separate each address with a comma.