iTWire - Serious flaw revealed in one-day old IE7

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Serious flaw revealed in one-day old IE7

Serious flaw revealed in one-day old IE7

E-mail

by Stan Beer
Friday, 20 October 2006
Danish security firm Secunia has discovered a serious vulnerability in Internet Explorer 7 within one day of the browser going live to the market. Featured Whitepaper 5 Best Practices for Smartphone Support According to the Secunia advisory, the IE7 vulnerability can be exploited by malicious people to disclose potentially sensitive information. The advisory states that the vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site. What that means is that if a user visits multiple websites - as users often do - if one of them happens to a malicious site exploiting the flaw, the attackers can gain access any information entered on other sites, such as user names and passwords. If one of those sites happens to be an online banking site, that could present a serious problem. Secunia says on its website that it has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected. News of the vulnerability is likely to be an embarrassment to Microsoft, which has largely promoted IE7 as being a much more secure browser product than its predecessor. However, the very same flaw exists on IE6 but has not been patched for the upgraded version. Microsoft plans to push IE7 to Windows XP users through its automatic update system during November. However, users will have a choice to accept the update or to opt out. At the time of writing, Microsoft had not responded to the security alert.{moscomment} Tags See All Tags Internet Microsoft Security Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Internet Security Predictions for 2010 from AVG (AU/NZ)

Frost & Sullivan Awards Websense Australian Secure Content Management Vendor of The Year

TANDBERG Awarded Australia Video Conferencing Vendor Of The Year By Frost & Sullivan

World Leader in IT Power Management Appoints Channel Partner for South Pacific

MicroStrategy Reporting Suite Provides Seamless BI Reporting for Microsoft Analysis Services

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking