Internet Explorer
The flaw lies in the way Internet Explorer handles failed page loadings
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Internet Explorer flaw leads to phishing attack

Hackers may be able to manipulate error page

Shaun Nichols in California, vnunet.com 19 Mar 2007
ADVERTISEMENT

A newly uncovered vulnerability in Microsoft's Internet Explorer could allow attackers to launch a phishing attack. 

Security firm Secunia said that the flaw lies in the way Internet Explorer handles failed page loadings. When a page fails to load or cannot be found, a default HTML file known as 'navcancl.htm' is normally displayed. 

The page contains a message that the requested file could not be accessed along with a button that reloads the page.

The attack is carried out when a user visits an attacker's site. The site causes the 'navcancl' page to load and then manipulates the refresh button to redirect the user to a phishing site.

"While some may argue that such an attack requires too many steps, if you think about it, anyone who surfs the internet performs the same exact steps all the time: surf, fail to access the page, refresh," said Secunia technical writer Ina Ragragio.

The vulnerability is classified as 'less critical', the second of Secunia's five security alert levels.

A Microsoft spokesperson told vnunet.com that the company is investigating the reports. 

Microsoft and Secunia have not received any reports of attackers actively targeting the vulnerability.

See also:

Phishing
UK banking fraud leaps 44 per cent
Chip and Pin protection pushing scams abroad  14 Mar 2007
Internet gives birth to 'Generation C'
End of the road for Generation X  12 Mar 2007
Computer virus
Storm Worm crashes February malware charts
Malware disguises itself to look like harmless code  02 Mar 2007
Online poker
Phishing attack targets PartyPoker
Hackers raise the stakes  22 Feb 2007
Home wireless networks wide open
Half of all home wireless systems open to attack  20 Feb 2007

All Bugs & Fixes

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
I.T Technical Specialist
Inverness, United Kingdom | NHS Scotland
CORPORATE SERVICES E-HEALTH DEPARTMENT  RAIGMORE HOSPITAL INVERNESS TECHNICAL DEVELOPMENT TEAM IT TECHNICAL SPECIALIST  £24,103 to £32,653 PA An exciting opportunity has arisen to join the technical development team within the eHealth Department. We are looking ... more >
ICT Support Officer
London, United Kingdom | City of London
ICT Support Officer £27,320 - £33,370 pa inc. depending on experience (pay award pending) Maternity cover for up to one year Guildhall, London EC2 Bring your IT experience to one of the country's most prestigious ... more >
Web Content Manager
London, United Kingdom | Royal Borough of Kensington and Chelsea
Web Content Manager - c.£40,000 plus bonus - London   As one of the country's best-performing councils, we're always looking for new ways to improve on excellence. Providing an innovative, high-quality internet site for our ... more >
PMO Support Analyst
Telford, Shropshire, United Kingdom | EDS
EDS are currently looking to recruit a PMO Support Analyst to join our Project Management Defence team in Telford, Shropshire. Summary: Within DII Service Management. To perform the PMO function for SM Service Introduction. This ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Feedback . Contacts
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503