CVE-2007-1091 - OpenCVE

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer Ie

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:ie:6.0:sp2::::::
	cpe:2.3:a:microsoft:ie:7.0::vista:::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

References

Link	Resource
http://lcamtuf.coredump.cx/ietrap
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://secunia.com/advisories/23014	Patch
http://securityreason.com/securityalert/2291
http://securitytracker.com/id?1018788
http://www.securityfocus.com/archive/1/461023/100/0/threaded
http://www.securityfocus.com/archive/1/461027/100/0/threaded
http://www.securityfocus.com/archive/1/482366/100/0/threaded
http://www.securityfocus.com/bid/22680
http://www.us-cert.gov/cas/techalerts/TA07-282A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/0713
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-26T11:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-02-26T00:00:00

Link: CVE-2007-1091

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-26T11:28:00.000

Modified: 2021-07-23T12:55:03.667

Link: CVE-2007-1091

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://lcamtuf.coredump.cx/ietrap"}, {"name": "22680", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22680"}, {"name": "ADV-2007-0713", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0713"}, {"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"}, {"name": "ie-mozilla-onunload-dos(32647)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"}, {"name": "HPSBST02280", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "23014", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23014"}, {"name": "SSRT071480", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "ie-mozilla-onunload-url-spoofing(32649)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"}, {"name": "oval:org.mitre.oval:def:2162", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"}, {"name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"}, {"name": "1018788", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018788"}, {"name": "2291", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2291"}, {"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"}, {"name": "MS07-057", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"}, {"name": "TA07-282A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://lcamtuf.coredump.cx/ietrap", "refsource": "MISC", "url": "http://lcamtuf.coredump.cx/ietrap"}, {"name": "22680", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22680"}, {"name": "ADV-2007-0713", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0713"}, {"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"}, {"name": "ie-mozilla-onunload-dos(32647)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"}, {"name": "HPSBST02280", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "23014", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23014"}, {"name": "SSRT071480", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"name": "ie-mozilla-onunload-url-spoofing(32649)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"}, {"name": "oval:org.mitre.oval:def:2162", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"}, {"name": "20070223 Secunia Research: Internet Explorer 7 \"onunload\" Event SpoofingVulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"}, {"name": "1018788", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018788"}, {"name": "2291", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2291"}, {"name": "20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"}, {"name": "MS07-057", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"}, {"name": "TA07-282A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1091", "datePublished": "2007-02-26T11:00:00", "dateReserved": "2007-02-26T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*", "matchCriteriaId": "3E51CBF2-EFFD-407D-AB34-BDE69EFD60E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers."}, {"lang": "es", "value": "Microsoft Internet Explorer 7 permite a atacantes remotos impedir a los usuarios dejar un sitio, simular la barra de direcciones y llevar a cabo ataques de tipo phishing u otros mediante un gestor de eventos Javascript onUnload."}], "id": "CVE-2007-1091", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-02-26T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lcamtuf.coredump.cx/ietrap"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://secunia.com/advisories/23014"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2291"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018788"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461023/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461027/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22680"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0713"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32647"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32649"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2162"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}