By Chris Mosby
Even after all I’ve seen in this business of computers, every once in a while I come across something that surprises me.
Learning about a flaw in IE that could prevent you from leaving a Web page was one of those times.
IE 7 can trap users on Web sites
The user-trapping flaw most recently discovered in Internet Explorer 7 involves the use of document.open() calls.
Just like the flaw that I reported in the Mar. 1 issue of the newsletter, this exploit allows a hacker to spoof an address in the address bar of IE. The exploit works even if a user manually types a new Web site address into the address bar.
Combine this with a hacker faking the visible content of a legitimate Web site, and a hacker can trick a user into thinking that he or she has successfully navigated to a trusted site. This makes users very vulnerable to any phishing attempts that a hacker has planned.
This flaw has been confirmed on a fully patched Windows XP SP2 system running IE 7. However, other versions of IE may also be vulnerable to this threat.