This is another vulnerability in Internet Explorer 7. Even though this version is more secure than version 6, a design flaw in one specific local help page makes it easy for an attacker to conduct phishing attacks against IE7 users.
According to Aviv Raff, this bug affects Internet Explorer 7.0 on Windows Vista and Windows XP.
To carry out a phishing attack, an attacker can craft a link that makes the local navcancl.htm page display falsified content for the trusted site indicated in the link (for example banks, PayPal, MySpace).
If the victim opens the falsified link sent by the attacker, an error page is displayed. The victim believes there was a genuine connection error rather than a falsified one, and tends to refresh the page. Once the page is refreshed, the content provided by the attacker is displayed as if it were the original page, and the user will assume the content comes from the original site because the URL shown is that of the trusted site they intended to visit. Any user data submitted from that page could then be abused by the attacker.
Suggestion: until Microsoft fixes this vulnerability, do not trust the “Navigation Canceled” page!
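As an added example (not part of the original post or of Aviv Raff's report), the following Python code shows how a mail or proxy filter could flag links that reference navcancl.htm, including percent-encoded spellings of the file name. The function names, the placeholder host `local-resource.example` and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

MARKER = "navcancl.htm"  # the local IE7 page named in the post

# Constructed sample message; "local-resource.example" is a placeholder host.
SAMPLE_MAIL = """
<a href="https://bank.example/login">Log in</a>
<a href="res://local-resource.example/NavCancl.htm#https://bank.example/login">Log in</a>
<a href="res://local-resource.example/%256eavcancl%2ehtm#https://bank.example/login">Log in</a>
"""

def fully_decode(url, max_rounds=5):
    """Undo nested percent-encoding so an encoded file name cannot hide."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

class LinkCollector(HTMLParser):
    """Collect every href/src attribute value in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def find_navcancl_links(html_body):
    """Return (raw_link, fragment) for each link that references navcancl.htm."""
    collector = LinkCollector()
    collector.feed(html_body)
    hits = []
    for raw in collector.links:
        decoded = fully_decode(raw)
        if MARKER in decoded.lower():
            # Keep the text after '#' so an analyst sees which site is named.
            hits.append((raw, decoded.partition("#")[2]))
    return hits

if __name__ == "__main__":
    for raw, fragment in find_navcancl_links(SAMPLE_MAIL):
        print("suspicious link:", raw, "| names:", fragment)
```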
Image URL: www.windows-vista-update.com