CVE-2007-1091

Published: Feb 26, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

Affected (4)

Products: Microsoft: Ie, Internet Explorer

Microsoft

2 products

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Ie	Version 7.0
Microsoft Internet Explorer	Version 6.0

References (30)

http://lcamtuf.coredump.cx/ietrap

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html

Source: cve@mitre.org

http://secunia.com/advisories/23014

Source: cve@mitre.org

Patch

http://securityreason.com/securityalert/2291

Source: cve@mitre.org

http://securitytracker.com/id?1018788

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461023/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461027/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482366/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/22680

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/0713

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/32647

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/32649

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162

Source: cve@mitre.org

http://lcamtuf.coredump.cx/ietrap