Third IE7 Vulnerability Found

Secunia has posted another vulnerability in Internet Exlorer 7, this one is called Internet Explorer 7 Window Injection Vulnerability, and this is related to a previous vulnerability from IE 6.0, here.

A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site’s window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. Source: Secunia via

They have constructed a vulnerability test here, and this has been tested on a fully patched system running Windows XP SP2 and IE7.