[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1499Date: (C)2007-03-17   (M)2023-12-22


Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018235
http://www.securityfocus.com/archive/1/462833/100/0/threaded
http://www.securityfocus.com/archive/1/462945/100/0/threaded
http://www.securityfocus.com/archive/1/462939/100/0/threaded
BID-22966
SREASON-2448
SECUNIA-24535
SECUNIA-25627
OSVDB-35352
ADV-2007-0946
ADV-2007-2153
MS07-033
SSRT071438
TA07-163A
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
http://news.com.com/2100-1002_3-6167410.html
ie-navcancl-xss(33026)
oval:org.mitre.oval:def:1715

CPE    2
cpe:/o:microsoft:windows_xp
cpe:/o:microsoft:windows_vista
CWE    1
CWE-79
OVAL    1
oval:org.mitre.oval:def:1715

© SecPod Technologies