|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2310 CVE : CVE-2007-1095 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Michal Zalewski Published : 02.03.2007
Advisory Text : There is a cool combination-type vulnerability in MSIE7 that allows the attacker to: a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers), b) Spoof transitions between pages so that the user thinks he actually managed to leave the affected site, and so that the URL bar displays other addresses we didn't actually go to. This opens a plethora of spoofing / phishing scenarios, and is generally quite nasty. More information and a pretty demo is available here: http://lcamtuf.coredump.cx/ietrap/ Firefox isn't outright vulnerable to this problem, but judging from its behavior, it is likely to be susceptible to a variant of this bug (it exhibits the same behavior, but we end up with a corrupted page instead); I will research it once I get some sleep. Cheers, /mz  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |