Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Windows Secrets>Another user-trapping flaw found in IE

Another user-trapping flaw found in IE
Tweet

Chris mosby By Chris Mosby

Even after all I’ve seen in this business of computers, every once in a while I come across something that surprises me.

Learning about a flaw in IE that could prevent you from leaving a Web page was one of those times.

IE 7 can trap users on Web sites

The user-trapping flaw most recently discovered in Internet Explorer 7 involves the use of document.open() calls.

Just like the flaw that I reported in the Mar. 1 issue of the newsletter, this exploit allows a hacker to spoof an address in the address bar of IE. This will work even if a user manually types a new Web site into the address bar.

Combine this with a hacker faking the visible content of a legitimate Web site, and a hacker can trick a user into thinking that he or she has successfully navigated to a trusted site. This makes users very vulnerable to any phishing attempts that a hacker had planned.

This flaw has been confirmed on a fully patched Windows XP SP2 system running IE 7. However, other versions of IE may also be vulnerable to this threat.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

Related posts:

  1. Word 2000/XP flaw makes docs dangerous
  2. Serious flaw in Yahoo Messenger
  3. Yet another unpatched IE browser flaw
  4. Fix for Windows XP deadly flaw
  5. Patched IE still has security holes
= Paid content

All Windows Secrets articles posted on 2007-07-19:

  • Top Story Add Premium/Enterprise features to XP or Vista
  • Known Issues Get a great backup program for free
  • Wacky Web Week It’s 2 a.m. — know where your icons are?
  • PC Tune-Up How to power-search the Web easily
  • Windows Secrets Another user-trapping flaw found in IE
  • Patch Watch The fallout intensifies over .NET patches
  •  Show all articles on a single page
E-books

We’ve pored through years of back issues, picking the best tips, to create these ebooks:

E-book series
  • PC Maintenance Guide
  • PC Security Guide
  • Windows 7 Guide Vol 1
  • Windows 7 Guide Vol 2
  • Win XP Survival Guide
See the e-book series
Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb