Description
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aviv Raff · text · remote · windows
https://www.exploit-db.com/exploits/29741
References (18)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22966
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2448
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/35352
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0946
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25627
Vendor Advisory x_refsource_misc
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/471947/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018235
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24535
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2153
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
Various Sources x_refsource_misc
http://news.com.com/2100-1002_3-6167410.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462939/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462945/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462833/100/0/threaded
Scores
EPSS
0.6680
EPSS Percentile
98.6%
Details
CWE
CWE-79
Status
published
Products (1)
microsoft/ie
7.0
Published
Mar 17, 2007
Tracked Since
Feb 18, 2026