Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

IE7 vulnerability discovered already

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 19 Oct 2006 05:19:05 -0500 (CDT)
http://www.theinquirer.net/default.aspx?article=35210

By INQUIRER newsdesk
19 October 2006

INSECURITY FIRM  Secunia, has already found an insecurity in newly 
unleashed IE7

The vulnerability can be exploited to disclose potentially sensitive 
information the firm says, though it gives it just two out of five on 
its criticality meter.

An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the 
half-year old information disclosure vulnerability which allows 
malicious sites to sneak on the content of other sites which hasn't been 
patched in the brand new IE7 release."

The vulnerability is caused due to an error in the handling of 
redirections for URLs with the "mhtml:" URI handler. This can be 
exploited to access documents served from another web site, the firm 
notes, here.,[1]

The firm posted an online demonstration, of the vulnerability here [2]. 

[1] http://secunia.com/advisories/22477/
[2] http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: