Vulnerability found in IE7

Edit: This report is not accurate. For more info, read this news. [Thanks to aMer]

IE7 launch 2 10After few days Microsoft released Internet Explorer 7, new vulnerability has been found in this software. This vulnerability can be exploited by malicious people to disclose potentially sensitive information.

Secunia had make a demonstration tool which is you can check whether your IE7 is vulnerable or not. The test will try to read content from Google News in the context of your browser. This vulnerability is caused by due to an error in handling of redirections for URLs with the “mhtml:” URI handler. And this weak spot can be exploited to access documents served from another web site.

Right now, there is no patch for this vulnerability. But for the moment, you can disable active scripting to prevent from this exploit.

Cypher: Wondering how much new vulnerabilities will be discovered by “techie” guys… 😕 [tags]vulnerable, exploit, ie, ie7, microsoft[/tags]

Comments

  1. haha ie7 is only to check if my wp theme is working or not only and for some minor debug for the theme … and when i feel like i wanna read the news with something new … hahaha …FF is safe from the exploit …

  2. thanks for the info. the new ie doesn’t have the live bookmarking service feature. sometimes it’s a pain to use externet rss feeds reader.. 🙁

    i don’t surprise that ie has the vulnerability since microsoft has never released a perfect product.

  3. I bet, The first service pack would be released on Nov 1st

  4. There is no such thing as a perfect software product unless all it does it print “hello world”, and even then you can get it worng depending on what people expect (color of text, font, size of text, letter spacing, etc).

  5. New vulnerability found in IE7? 😮 That’s not true..Read on..

    These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

    Read the whole news on MSFN: http://www.msfn.org/comments.php?shownews=18556

  6. There is no such thing as a perfect software product unless all it does it print “hello world”, and even then you can get it worng depending on what people expect (color of text, font, size of text, letter spacing, etc).

    lol! ..perfect software in this context means a software that does not have such vulnerability ..as you can see, microsoft windows 98, xp all got “big flaws”. AFAIK, Bill gates let his software to be released in a condition like that. they did not fix them upon the first release. [-(

  7. [Comment ID #14950 Will Be Quoted Here]

    thanks for bringing this issue. 🙂

  8. Those of us that work in the software business will understand that you can’t wait for everything to be fixed. Businesses do not have the luxury of time like open source projects, we have to deliver at some point or we lose to competition. Microsoft products have bugs as do many other vendor’s products but the world continues to use them because despite the bugs, the products mainly do what they are designed to. In business you can’t let a few bugs stop you from using great software to keep ahead.

    Any software that becomes massively popular will naturally have more bugs exposed; more people that use something, the more pros and cons are of course going to be realized.