Spyware Remover
Flaws Discovered in New IE7 Browser
(presented by www.spyware-remover-free.net - spyware remover)
By Eva Gibson
After only a couple of weeks on the market, Microsoft’s Internet Explorer 7 browser has been found to contain flaws that threaten the user’s security and leave them open to malicious attacks. The most recent flaw involves popup windows containing malicious code appearing on legitimate websites. Add to that the spoofing-based flaw discovered last week in IE7, and you get a security threat of which most users would do well to be wary.
According to Danish security vendor Secunia, a vulnerability today was discovered that allows hackers to inject content into a user’s site window if the hacker knows target name of the window. If a user visits a site developed by a hacker for this purpose and then opens another, trusted site, the hacker can insert content into any popups the trusted site might contain.
While it does not allow the hacker access to or control of the user’s computer, the flaw can still gather a user’s personal information if the user enters user names and passwords or account numbers into the window. Since the websites being targeted are legitimate, trusted sites, it is that much easier for hackers to take advantage of even security-savvy users.
This flaw is a repeat of an IE6 problem, first reported in 2004.
Secunia’s website states that the company has created a test for users who suspect they may have been spoofed, which can be found at http://secunia.com/multiple_browsers_window_injection_vulnerability_test/. To steer clear of this vulnerability, Secunia experts advise that users avoid browsing trusted and untrustworthy sites at the same time. Since the flaw is unique to IE7, it might also be a good idea to use a different browser until a patch is issued for IE7.
with th
e site they are browsing.
Microsoft has been notified of the issue and is currently researching it. To date, no patch has been released for either flaw. No exploits of the flaw have been reported.
