Internet Explorer
The flaw lies in the way Internet Explorer handles failed page loadings
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Internet Explorer flaw leads to phishing attack

Hackers may be able to manipulate error page

Shaun Nichols in California, vnunet.com 19 Mar 2007
ADVERTISEMENT

A newly uncovered vulnerability in Microsoft's Internet Explorer could allow attackers to launch a phishing attack. 

Security firm Secunia said that the flaw lies in the way Internet Explorer handles failed page loadings. When a page fails to load or cannot be found, a default HTML file known as 'navcancl.htm' is normally displayed. 

The page contains a message that the requested file could not be accessed along with a button that reloads the page.

The attack is carried out when a user visits an attacker's site. The site causes the 'navcancl' page to load and then manipulates the refresh button to redirect the user to a phishing site.

"While some may argue that such an attack requires too many steps, if you think about it, anyone who surfs the internet performs the same exact steps all the time: surf, fail to access the page, refresh," said Secunia technical writer Ina Ragragio.

The vulnerability is classified as 'less critical', the second of Secunia's five security alert levels.

A Microsoft spokesperson told vnunet.com that the company is investigating the reports. 

Microsoft and Secunia have not received any reports of attackers actively targeting the vulnerability.

See also:

Phishing
UK banking fraud leaps 44 per cent
Chip and Pin protection pushing scams abroad  14 Mar 2007
Internet gives birth to 'Generation C'
End of the road for Generation X  12 Mar 2007
Computer virus
Storm Worm crashes February malware charts
Malware disguises itself to look like harmless code  02 Mar 2007
Online poker
Phishing attack targets PartyPoker
Hackers raise the stakes  22 Feb 2007
Home wireless networks wide open
Half of all home wireless systems open to attack  20 Feb 2007

All Bugs & Fixes

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Software Developer/SQL Specialists
United Kingdom | MI5 Security Service
Software Developer/SQL Specialists Working for MI5 you will use your expertise to protect the UK from terrorism, espionage and other threats to national security. You'll be joining a team that provides essential technical analysis and ... more >
IT Services -Systems Specialist
London, United Kingdom | London School of Economics
  IT Services -Systems Specialist  (Business Continuity), Salary: £38,212 - £44,264 p.a. 2 years fixed-term LSE is a cosmopolitan community in the centre of London focusing on the study of the social sciences. IT Services ... more >
Project Manager
Leeds, United Kingdom | NHS Connecting Health
  Project Manager, Leeds, up to £53k  NHS Connecting for Health is an agency of the Department of Health supporting the NHS to deliver better, safer care to patients, by bringing in new computer systems ... more >
Assistant Forensic Computer Analyst - Police Headquarters
Maidstone, United Kingdom | Kent Police
  Assistant Forensic Computer Analyst - Police Headquarters, Maidstone, £20,164 - £23,632 Permanent Contract Digital devices and information communication technology are present in almost every investigation the police service undertakes. Kent Police Digital Forensics Unit ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Feedback . Contacts
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503