Secunia round 3: Internet Explorer 7 Window Injection Vulnerability

Posted by bink on October 30 2006, 7:05 PM. Posted in Internet Explorer.

A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites.The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.Secunia has constructed a test, which can be used to check if your browser is affected by this issue:http://secunia.com/multiple_browsers_window_injection_vulnerability_test/The vulnerability has been confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Full Story At Source