Back to search
CVE-2007-1499
Published: Mar 17, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
22966
vdb-entry
x_refsource_BID
2448
third-party-advisory
x_refsource_SREASON
35352
vdb-entry
x_refsource_OSVDB
ADV-2007-0946
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:1715
vdb-entry
signature
x_refsource_OVAL
25627
third-party-advisory
x_refsource_SECUNIA
SSRT071438
vendor-advisory
x_refsource_HP
ie-navcancl-xss(33026)
vdb-entry
x_refsource_XF
1018235
vdb-entry
x_refsource_SECTRACK
24535
third-party-advisory
x_refsource_SECUNIA
ADV-2007-2153
vdb-entry
x_refsource_VUPEN
TA07-163A
third-party-advisory
x_refsource_CERT
http://news.com.com/2100-1002_3-6167410.html
x_refsource_MISC
20070315 Re: Phishing using IE7 local resource vulnerability
mailing-list
x_refsource_BUGTRAQ
20070315 RE: Phishing using IE7 local resource vulnerability
mailing-list
x_refsource_BUGTRAQ
MS07-033
vendor-advisory
x_refsource_MS
20070314 Phishing using IE7 local resource vulnerability
mailing-list
x_refsource_BUGTRAQ
HPSBST02231
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now