Information Security News mailing list archives
IE7 vulnerability discovered already
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 19 Oct 2006 05:19:05 -0500 (CDT)
http://www.theinquirer.net/default.aspx?article=35210 By INQUIRER newsdesk 19 October 2006 INSECURITY FIRM Secunia, has already found an insecurity in newly unleashed IE7 The vulnerability can be exploited to disclose potentially sensitive information the firm says, though it gives it just two out of five on its criticality meter. An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the half-year old information disclosure vulnerability which allows malicious sites to sneak on the content of other sites which hasn't been patched in the brand new IE7 release." The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site, the firm notes, here.,[1] The firm posted an online demonstration, of the vulnerability here [2]. [1] http://secunia.com/advisories/22477/ [2] http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/ _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
Current thread:
- IE7 vulnerability discovered already InfoSec News (Oct 19)