The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IE: website spoofing via onUnload

Synthesis of the vulnerability 

An attacker can create an HTML page that uses the onUnload event to trap the victim on a website, and then display spoofed content.
Impacted systems: IE.
Severity of this alert: 1/4.
Creation date: 23/02/2007.
References of this alert: 939653, BID-22680, CVE-2007-1091, MS07-057, VIGILANCE-VUL-6581.

Description of the vulnerability 

The onUnload JavaScript event allows code to run when the user leaves a web page.

An attacker can use this event to prevent the victim from leaving the current web page. Then, when the victim enters a URL in the address bar, the attacker can generate a fake web document. The victim then believes they are on the new website, whereas they are still on the attacker's website.

This vulnerability thus makes a phishing attack possible.

This threat note impacts software or systems such as IE.

Our Vigil@nce team determined that the severity of this weakness alert is low.

The trust level is "confirmed by the editor", and the origin of the attack is an internet server.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this weakness.

Solutions for this threat 

Internet Explorer: patch.
A patch is available:
Windows 2000 SP4 - Internet Explorer 5.01 SP4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=95827F3F-A984-4E34-A949-D16A0614121A
Windows 2000 SP4 - Internet Explorer 6 SP1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=DF3BA596-7C5B-4151-9884-6957AA884AAB
Windows XP SP2 - Internet Explorer 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=513A8320-6D36-4FC9-A38A-867192B55B53
Windows XP Professional x64 Gold, SP2 - Internet Explorer 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=AE8A26D8-1910-4B8C-8A73-6E2FA6B5B29F
Windows 2003 SP1, SP2 - Internet Explorer 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4AEFAA38-8757-4E6E-8924-57CABD1C2FC3
Windows 2003 x64 Gold, SP2 - Internet Explorer 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=88ABA9DD-653B-4CDF-A513-CCA32A7D7E41
Windows 2003 Itanium SP1, SP2 - Internet Explorer 6
  http://www.microsoft.com/downloads/details.aspx?FamilyId=309A8F10-C7EA-4961-A969-092B0C4D7BBC
Windows XP SP2 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4CA0AC93-BF51-40FE-A1BA-CB3E0A36D8B5
Windows XP Professional x64 Gold, SP2 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=DBD284D0-2664-42A4-AD16-A0535244C81C
Windows 2003 SP1, SP2 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0A31C451-32F4-4551-AE45-D600F8B3B11B
Windows 2003 x64 Gold, SP2 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C1915633-D181-4CA1-A4F0-7CA0F865AA72
Windows 2003 Itanium SP1, SP2 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=093A2250-3BE3-494F-80E0-89CA7217030F
Windows Vista - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=86392E8D-098C-427F-A233-699CDB9375AE
Windows Vista x64 - Internet Explorer 7
  http://www.microsoft.com/downloads/details.aspx?FamilyId=62490E6D-0A21-4A15-90BD-63CA8F8886B6