The two IE 7 security holes, if used in conjunction with each other, can easily dupe all but the most security-minded users, said Thomas Kristensen, chief technology officer of security company Secunia, which discovered the problems. Secunia has classed the latest problem a security vulnerability, while Microsoft states the situation arises from "by-design behavior" in the browsers. "The (Secunia) report describes a by-design behavior in popular Web browsers that allows a Web site to open or re-use a pop-up window," a Microsoft reprensentative said.
"In Internet Explorer 7, the Web page's actual URL is displayed in a pop-up window address bar, enabling users to accurately make a trust decision." Secunia rated the most recent flaw as " " because viewing the content does not provide attackers access to a user's computer. But it can still prove harmful if a user enters sensitive information into the malicious pop-up window, such as credit card information, usernames or passwords, Kristensen noted.
Secunia noted that the security flaw can affect a fully patched system running IE 7 and Microsoft Windows XP Service Pack 2.
News RSS