Secunia Research Advisory

Internet Explorer 7 "onunload" Event Spoofing Vulnerability


====================================================================== 

                     Secunia Research 23/02/2007                      

   - Internet Explorer 7 "onunload" Event Spoofing Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

The vulnerability is confirmed in Microsoft Internet Explorer 7.

====================================================================== 
2) Severity 

Rating: Less critical
Impact: Spoofing
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

Internet Explorer 7 provides improved navigation through tabbed
browsing, web search right from the toolbar, advanced printing, easy
discovery, reading and subscription to RSS feeds, and much more.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer
7, which can be exploited by a malicious website to spoof the address
bar.

The vulnerability is caused due to an error in Internet Explorer 7's
handling of "onunload" events, enabling a malicious website to abort
the loading of a new website. This can be exploited to spoof the
address bar if e.g. the user enters a new website manually in the
address bar, which is commonly exercised as best practice.

The vulnerability is confirmed on a fully patched Windows XP SP2
system running Internet Explorer 7. Other versions may also be
affected. 

====================================================================== 
5) Solution 

Close all browser windows after visiting untrusted websites.

====================================================================== 
6) Time Table 

05/01/2007 - Vendor notified and responded.
16/02/2007 - Further communication with vendor.
23/02/2007 - Public disclosure due to dislosure by third party.

====================================================================== 
7) Credits 

Discovered by Jakob Balle, Secunia Research.

====================================================================== 
8) References

No references available.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

https://www.flexera.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general.

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

https://www.flexera.com/company/careers

Secunia offers a FREE mailing list called Secunia Security Advisories:

https://www.flexera.com/secunia_security_advisories/ 

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
https://www.flexera.com/about-us/secunia-research/advisories/sr-2007-1.html

Complete list of vulnerability reports published by Secunia Research:
https://www.flexera.com/about-us/secunia-research/advisories/

======================================================================