In association with heise online

19 October 2006, 15:00

First security vulnerability in Internet Explorer 7

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft has only just released Internet Explorer 7 and already security services provider Secunia has registered the first security vulnerability in the new browser. Surprisingly for a new version of the browser which entailed a significant rewrite, this vulnerability is a carry-over from Internet Explorer 6, described in April 2006. According to Secunia, the vulnerability allows an attacker to scout out confidential information from opened websites.

Secunia has also prepared a website to demonstrate the vulnerability, which, after clicking on a link, attempts to read content from news.google.com. This was successful on a heise Security test computer running a fully patched Windows XP SP2 and the final version of Internet Explorer 7 just released.

The bug, which affects both Internet Explorer 6 and the new version 7 of Microsoft's web browser, is based on incorrect handling of redirects for mhtml:// URLs. To get around the problem, the security services provider suggests deactivating active scripting. Users who wish to wait and do not want Internet Explorer 7 to be installed on their computer automatically at the start of November will find help at hand in an article on heise Security.

See also:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-731673
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit