RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability

TITLE: RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
CLASS: Design Error
CVE: CVE-2007-1752

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 13 2007 04:39AM
CREDIT: The vendor reported this issue.
VULNERABLE:

Microsoft Internet Explorer 7.0
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
NOT VULNERABLE:

Discussion

Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents of the Navigation canceled page. This may assist in phishing or other attacks that rely on content spoofing.

NOTE: This BID is being retired because this issue was previously reported in BID 22966: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability.

Exploit

To exploit this issue, an attacker must entice an unsuspecting user to visit a maliciously crafted webpage.

Solution

The vendor released an advisory and fixes to address this issue. Please see the references section for more information.


References
