Follow up on „Secunia: Internet Explorer 7 Popup Address Bar Spoofing Weakness“
MSRC BLOG: This is Christopher Budd. I wanted to take a moment and let people know some information about a new public report about a possible vulnerability in Internet Explorer we’ve received today. As soon as we learned of the report we started an investigation into the issue and we have some information we can share on this.
First, this is an issue with how URLs are displayed in the address bar. Specifically, we’ve seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted e-mail.
Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar.
We’re not aware of any attacks that are attempting to use this, but as always we will continue to monitor the situation throughout our investigation.
…..
We do have this issue under investigation and as always, once we complete our investigation we’ll take appropriate steps to protect our customers.
Full Story At blogs.technet.com