Thursday, March 15, 2007

IE7 Navcancl.htm XSS Vuln

Via Secunia.com -

Aviv Raff has discovered a vulnerability in Internet Explorer 7, which can be exploited by malicious people to conduct phishing attacks.

An input validation error exists in the local resource page "navcancl.htm" when generating the "Refresh the page" link. This can be exploited to inject arbitrary script code to e.g. spoof the contents of an arbitrary site when the user clicks on the "Refresh the page" link.
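The advisory does not publish the page's code, so the following is an added example, not code from Internet Explorer or from Secunia: one way an error page can build a "Refresh the page" link from an untrusted URL without letting it carry script. The function names, the scheme allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example: hardened generation of a "Refresh the page" link on an error page.
// Assumption: the failed URL reaches the page as an untrusted string
// (the advisory does not say how the input is supplied).

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape text for use in HTML content or inside a double-quoted attribute.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Returns a normalized URL string if it is safe to link to, otherwise null.
function safeRefreshTarget(untrusted) {
  if (typeof untrusted !== "string") return null;
  let parsed;
  try {
    parsed = new URL(untrusted.trim());
  } catch {
    return null; // not an absolute, parseable URL
  }
  // The parser lowercases the scheme, so mixed-case variants are covered.
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Builds the link markup; falls back to inert text when the target is rejected.
function renderRefreshLink(untrusted) {
  const target = safeRefreshTarget(untrusted);
  if (target === null) return "<span>Refresh the page</span>";
  return `<a href="${escapeHtml(target)}">Refresh the page</a>`;
}

// Constructed sample inputs, not taken from the advisory.
const samples = [
  "https://example.com/account?id=1&view=full",
  "javascript:void(0)",
  'https://example.com/"><b>x</b>',
  "data:text/html,hello",
];
for (const s of samples) console.log(renderRefreshLink(s));
```
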
