Skip to content
October 27, 2006 / windperson

IE 7的漏洞(在Windows XP sp2的環境)

Internet Explorer 7 "mhtml:" Redirection Information Disclosure:
簡略敘述:
IE 7在處理URL為".mhtml"類型的網址重新導向時,很可能會導致瀏覽器端的某些資訊在使用者未知情的狀態下被暗中傳送到另一個網站。
預防方法:
關閉IE7"支援Active Scripting"的選項(不過這會導致某些在瀏覽器內的使用者輸入操作失常,如瀏覽器內的Blog編輯),在[網際網路選項][安全性][自訂層級]中設定。

Internet Explorer 7 Popup Address Bar Spoofing Weakness:
簡略敘述:
在點進有心人製造的超連結之後,很會出現彈出式視窗,其網址列所標示的網址是偽造的,不一定和彈出式視窗所顯示的網頁相同。
預防方法:
別亂點超連結,並且別在不信任的網站上輸入機密資訊。

Internet Explorer 7 Window Injection Vulnerability:
Description:
A website can inject content into another site’s window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Solution:
Do not browse untrusted sites while browsing trusted sites.
Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: