Microsoft confirmed a vulnerability today in the address bar of Internet Explorer 7. First reported by security firm Secunia on Wednesday, the issue occurs in popup windows. It is possible to display a somewhat spoofed address bar, the company said.

Due to this issue, a specially crafted URL with special characters may hide portions of the address. This could open the user up to attacks, including performing actions that it may not be aware of. Secunia has rated the issue as "less critical," its second lowest rating.


No attacks using this flaw are currently known, Microsoft said. It also recommended users make use of the Microsoft Phishing Filter that is included within IE7.

BetaNews