- home
- reviews
- news
- downloads
- cnet tv
On TV.com: TOP 10 Shows CANCELED Too Soon
- log in
- join CNET
- welcome,
- my profile
- log out

Find tech advice for business here

Hardware

Software & services

Networking & communications

Buying guides

Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays

All free newsletters

CNET Security Center: Your complete source of antivirus and Internet security information.

Internet Explorer onUnload flaw CVE-2007-1091
A serious flaw in IE causes a denial of service attack (crash) or could allow remote access.
By Robert Vamosi (March 12, 2007)

QUICK FACTS

Name: Internet Explorer onUnload flaw CVE-2007-1091

Date first reported: 02/27/07

Vulnerable software: Internet Explorer, Version 7 and earlier

What it does: Causes a denial-of-service (crash) and can allow remote access.

Recommendations: None

Exploit code available: No

Vendor patch available: No

7
out of 10

INTERNET THREAT RATING
How we rate

This flaw prevents users from leaving a site, and allows remote attackers to spoof the address bar, conduct phishing, and other attacks on vulnerabile systems. The flaw is within the onUnload Javascript handlers.

Additional Resources:

US-CERT: CVE-2007-1091
Frsirt: 0713
Secunia: 2304
Full Disclosure: 52630

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; Dell; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET Widgets; About CNET