Old Internet Explorer Window Injection Vulnerability strikes to IE7

First we had Internet Explorer 7 “mhtml:” Redirection Information Disclosure issue and then Internet Explorer 7 Popup Address Bar Spoofing Weakness was reported.

Windows Injection case was originally discovered by Secunia Research guys in November 2004 already. MSIE versions 5.01, 5.5 and 6.0 are unpatched still and Mr. Per Gravgaard reported Internet Explorer 7 as affected today via new SA22628 advisory.

Microsoft Internet Explorer team had almost two years to fix the issue but they didn’t fix it.

Test link is located at the following URL:

secunia.com/multiple_browsers_window_injection_vulnerability_test/ 

Share