Researchers from Secunia have located yet another security flaw in IE7. Embarrassingly for Microsoft, this is a version of a security problem originally found in Microsoft IE6. The discovery of the flaw follows Secunia's discovery of a similar vulnerability last Wednesday - a bug that remains unpatched.
The Danish security consultancy has posted an advisory on the latest flaw. Thomas Kristensen, Secunia's chief technology officer, said that the vulnerability applies when a user visits a website specially crafted by an attacker and opens a "trusted" site, such as a bank, that has a pop-up window. The attacker could then put new content into the pop-up. This could enable the attacker to ask a user for financial information or passwords, Kristensen said.
Last week, Secunia revealed the existence of an earlier flaw, which could also be used as a basis for spoofing attacks.
When the original IE6 problem was revealed in June 2004, Microsoft gave instructions for a workaround for IE6: disable the setting "Navigate sub-frames across different domains." That setting is disabled by default in IE7, but does not appear to prevent the attack, Kristensen said.
Microsoft has been notified of the flaw, which was submitted to Secunia by a user, Kristensen said. Microsoft officials did not have an immediate comment on Monday morning.
Secunia rated the problem as "moderately critical," but Kristensen said the company was not aware of sites trying to exploit the flaw.
An alert user might notice that they're under attack: Since the URL for the pop-up window is visible, it may be possible to identify a fraudulent request for password information, for example. But "it would require you to pay some attention to the address bar," Kristensen said.
However, a clever attacker could also use this problem in combination with the pop-up spoofing weakness identified last week.