Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account

Microsoft Confirms IE7 Address Bar Flaw

  • Please log in to reply

Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Microsoft confirmed a vulnerability Thursday in the address bar of Internet Explorer 7. First reported by security firm Secunia on Wednesday, the issue occurs in popup windows. It is possible to display a somewhat spoofed address bar, the company said.

Due to this issue, a specially crafted URL with special characters may hide portions of the address. This could open the user up to attacks, including performing actions that it may not be aware of. Secunia has rated the issue as "less critical," its second lowest rating.

No attacks using this flaw are currently known, Microsoft said. It also recommended users make use of the Microsoft Phishing Filter that is included within IE7.

"The Microsoft Phishing Filter online service is designed to allow us to update it fairly quickly with information as sites are reported and confirmed by us," Christopher Budd of the Microsoft Security Response Center Blog said.

"We do have this issue under investigation and as always, once we complete our investigation we'll take appropriate steps to protect our customers," he continued.

However, Budd downplayed the flaw, saying Microsoft's research showed the full URL can still be displayed by clicking in the browser windows or address bar, or scrolling within the address bar.
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP