Vulnerabilities > CVE-2007-3826 - Unspecified vulnerability in Microsoft Internet Explorer 7
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-057.NASL |
description | The remote host is missing the IE cumulative security update 939653. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26963 |
published | 2007-10-09 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26963 |
title | MS07-057: Cumulative Security Update for Internet Explorer (939653) |
code |
|
Oval
accepted | 2014-02-24T04:03:12.273-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:2324 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2007-10-10T04:39:42 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Address Bar Spoofing Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 73 |
References
- http://lcamtuf.coredump.cx/ietrap3/
- http://www.securityfocus.com/bid/24911
- http://secunia.com/advisories/26069
- http://www.us-cert.gov/cas/techalerts/TA07-282A.html
- http://securitytracker.com/id?1018788
- http://securityreason.com/securityalert/2892
- http://osvdb.org/38212
- http://www.vupen.com/english/advisories/2007/2540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35421
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2324
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057
- http://www.securityfocus.com/archive/1/482366/100/0/threaded
- http://www.securityfocus.com/archive/1/473702/100/0/threaded