Softpedia
 


October 26th, 2006, 06:33 GMT · By

Microsoft Confirms Second IE7 Vulnerability

With all the anticipation and the publicity that they have been building up around Internet Explorer 7, it is only natural that the Microsoft browser also appears as an item of prey. On 25 October 2006, Secunia reported the second vulnerability to impact Internet Explorer 7, after the "mhtml:" Redirection Information Disclosure flaw disclosed just seven days ago. At that point, Microsoft saved face by steering the vulnerability toward Outlook and away from IE7. But now the second vulnerability has been confirmed by the Microsoft Security Response Center Blog.

According to Secunia, Internet Explorer 7 running on fully patched Windows XP SP2 systems is vulnerable to phishing attacks. "The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions," stated Secunia.

Christopher Budd, Program Manager with the Microsoft Security Response Team, has revealed that the vulnerability is related to the manner in which URLs are displayed in the address bar. He acknowledged Secunia's version with these words: "Specifically, we've seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted e-mail. Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar."

But Microsoft has denied that attacks exploiting this vulnerability exist. Attempting to somewhat downplay the vulnerability, the Redmond company has emphasized the additional anti-phishing protection delivered by the Microsoft Phishing Filter. With or without the Phishing Filter, I have performed Secunia's internet_explorer_7_popup_address_bar_spoofing_test via IE7 running on a fully patched XP SP2, and you can see the result in the screenshot on the left.

"First, the Phishing Filter's browser-based heuristics can help to protect you. These heuristics analyze Web pages in real time and then can warn you about suspicious characteristics if it finds any on the page. If someone attempts to use this issue in a phishing site, the Phishing Filter's heuristics may detect that site as such and warn you," said Budd, advertising the filter and even mentioning the prompt updates to the Phishing Filter's online service.
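
The behaviour Secunia and Budd describe, where the left part of a padded URL is not initially displayed, can be screened for on the defender's side before a link reaches a user. The following is an added example, not code from Secunia, Microsoft or the article; the two thresholds, the set of characters treated as filler (the article does not name the special characters involved) and the sample links are assumptions.

```javascript
// Added example, not Secunia's or Microsoft's code. Both thresholds are assumptions.
const VISIBLE_CHARS = 60;   // assumed number of characters a pop-up address bar shows
const MAX_FILLER_RUN = 20;  // assumed longest tolerable run of filler characters

// Length of the longest run of characters that carry no readable content:
// percent-encoded bytes, whitespace, or punctuation outside normal URL syntax.
function longestFillerRun(text) {
  const runs = text.match(/(?:%[0-9a-fA-F]{2}|\s|[^A-Za-z0-9\/:.?=&#_~+-])+/g) || [];
  return runs.reduce((max, run) => Math.max(max, run.length), 0);
}

// Reports whether the host would sit left of the visible window when the bar
// shows only the right-hand end of the URL, and whether filler is what pushes it out.
function assessLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    // An unparseable link is treated as suspicious rather than silently passed.
    return { parsed: false, hostHidden: false, fillerRun: 0, suspicious: true };
  }
  const at = raw.toLowerCase().indexOf(url.hostname);
  const hostStart = at >= 0 ? at : raw.indexOf("//") + 2; // approximate fallback for IDN hosts
  const hostHidden = hostStart < raw.length - VISIBLE_CHARS;
  const fillerRun = longestFillerRun(raw.slice(hostStart + url.hostname.length));
  return { parsed: true, hostHidden, fillerRun,
           suspicious: hostHidden && fillerRun >= MAX_FILLER_RUN };
}

// Constructed sample links (reserved example domains), not taken from the article.
const SAMPLES = {
  normal: "https://www.example.com/account/login?next=/home",
  longButPlain: "https://www.example.com/search?q=" + "a".repeat(100),
  padded: "http://untrusted.example/page?x=" + "%20".repeat(40),
};

for (const [name, link] of Object.entries(SAMPLES)) {
  console.log(name, assessLink(link));
}
```

Requiring both signals keeps ordinary long URLs, such as a search with a long query string, from being flagged merely because their host scrolls out of view.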
