Internet Explorer 7
A new vulnerability in Internet Explorer 7 could be exploited by identity thieves

New IE7 bug exposes users to content injection

Software 'feature' could allow ID theft

Tom Sanders in California

Security researchers at Secunia have discovered a new vulnerability in Internet Explorer 7 that could be exploited by online identity thieves. 

An attacker could inject content into another website's window, for instance replacing a log-in pop-up window for an online bank with a page that looks similar to the bank's log-in window.

Advertisement

The attacker would have to know the target name of the window being replaced, and would require the attacker's website and the target website to be open at the same time.

Secunia rated the vulnerability as 'moderately critical', its third most severe security rating on a five-step scale.

A Microsoft spokesman denied that the reported flaw describes a vulnerability in its software.

The company told vnunet.com in an emailed statement that Secunia describes the issue as "a by-design behaviour in popular web browsers that allows a website to open or reuse a pop-up window".

Users will be able to tell that they have been directed to a phishing website because the pop-up window displays an address bar.

Secunia issued a warning about a similar vulnerability in Internet Explorer 5 and 6 in 2004. 

Today's alert is the fourth alleged security vulnerability that Secunia has unearthed in Internet Explorer 7 since the browser was launched earlier this month.

In addition to today's denial, Microsoft has dismissed one other Secunia report because it affected Outlook Express rather than IE7. Microsoft has confirmed the two other vulnerabilities.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation