"Moderately Critical" Security Flaw in IE Discovered

The Security website Secunia announced a new security issue with Microsoft's Internet Explorer browser.

JavaScriptSearch
Friday, April 7, 2006; 01:45 AM

The security website Secunia announced a new security issue with Microsoft's Internet Explorer browser.  The vulnerability can be exploited to spoof the address bar in a browser window showing web content from a malicious web site.

Secunia has provided a test page where users can check whether their browser is affected by the vulnerabity.  The address is http://secunia.com/ Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/.

Secunia confirmed the security flaw on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected.

A "moderately critical" flaw is the third level in Secunia's five-grade severity scale.  It is "typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allows system compromises but require user interaction."