Serious flaw revealed in one-day-old IE7

Danish security firm Secunia has discovered a serious vulnerability in Internet Explorer 7 within one day of the browser going live to the market.

According to the Secunia advisory, the IE7 vulnerability can be exploited by malicious people to disclose potentially sensitive information.

The advisory states that the vulnerability is caused by an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.

What that means is that if a user visits multiple websites, as users often do, and one of them happens to be a malicious site exploiting the flaw, the attackers can gain access to any information entered on other sites, such as user names and passwords. If one of those sites happens to be an online banking site, that could present a serious problem.

Secunia says on its website that it has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

News of the vulnerability is likely to be an embarrassment to Microsoft, which has largely promoted IE7 as being a much more secure browser product than its predecessor. However, the very same flaw exists on IE6 but has not been patched for the upgraded version.

Microsoft plans to push IE7 to Windows XP users through its automatic update system during November. However, users will have a choice to accept the update or to opt out.

At the time of writing, Microsoft had not responded to the security alert.
