CVE-2007-1499 Information

Description

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."

Reference

http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
http://news.com.com/2100-1002_3-6167410.html
http://osvdb.org/35352
http://secunia.com/advisories/24535
http://secunia.com/advisories/25627
http://securityreason.com/securityalert/2448
http://securitytracker.com/id?1018235
http://www.securityfocus.com/archive/1/462833/100/0/threaded
http://www.securityfocus.com/archive/1/462939/100/0/threaded
http://www.securityfocus.com/archive/1/462945/100/0/threaded
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/bid/22966
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
http://www.vupen.com/english/advisories/2007/0946
http://www.vupen.com/english/advisories/2007/2153
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1715
