1. Nueva vulnerabilidad en Explorer 7

25/10/2006 - 21:18 por Ivan | Informe spam
Bueno; en realidad es tan vieja como el mundo, pero por eso resulta en
extremo sorprendente que afecte al ultra mega flamante Explorer 7.
Se trata de que Explorer 7 es vulnerable a la falsificación de su barra de
direcciones en una ventana emergente (pop-up), de forma que mediante la
introducción de caracteres extra en la URL, se muestra sólo una parte de
ésta y se puede aparentar que estamos navegando por un sitio fiable, cuando
en realidad nos podemos encontrar en otro bien diferente.

En resumen: phishing servido en bandeja de plata...

Más información y demos:

Internet Explorer 7 Popup Address Bar Spoofing Weakness (Secunia).
http://secunia.com/advisories/22542/

Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
(Security Focus).
http://www.securityfocus.com/bid/20728



http://www.kriptopolis.org/nueva-vu...explorer-7
 

Leer las respuestas

#1 Ivan
25/10/2006 - 21:38 | Informe spam
I have been contacted by a Microsoft's spokesperson about the "IE7 bug" which technically is an Outlook Express bug. In Vista this bug is fixed, for Windows XP this fix is underway.

Official Statement: Microsoft is aware of public reports of a vulnerability in Outlook Express which is currently under investigation. Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at
this location: http://support.microsoft.com/security.

As always, Microsoft encourages customers to follow its "Protect Your PC" guidance of enabling a firewall, applying all security updates and installing anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.


Saludos cordiales. Ivan
http://www.multingles.net/jmt.htm
news://jmtella.com

Preguntas similares