CVE-2007-3826

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 on Windows XP SP2

Description: The issue allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks. This is achieved via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. Spoofing vulnerabilities exist that could allow an attacker to display spoofed content in a browser window, where the address bar and other parts of the trust UI have been navigated away from the attacker's Web site but the content of the window still contains the attacker's Web page.

Recommendations: For Microsoft Internet Explorer 7 on Windows XP SP2, consider disabling the document.open function calls until a patch is available to prevent attackers from spoofing the address bar and conducting phishing attacks. Restrict access to the onBeforeUnload function to minimize the risk of exploitation. Avoid using the document.open function in the affected browser until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.