Stan Beer
Friday, 20 October 2006 18:57
Your IT -
Home IT
Page 1 of 2
Danish security vendor Secunia has hit back at Microsoft's claims that details of the newly discovered flaw in Internet Explorer 7 are innacurate, saying that IE7 is the primary and possibly the only attack vector through which the flaw can be exploited.
According to a Secunia advisory, if a user visits
multiple websites using IE7, if one of them happens to a malicious site
exploiting the flaw, attackers can gain access any information entered
on other sites, such as user names and passwords.
In response to the recent Secunia announcement of the IE7 flaw,
Microsoft claimed the IE7 vulnerability is in fact an Outlook Express
vulnerability.
However, in an email to iTWire, the chief technology officer of Secunia
Thomas Kristensen disputed Microsoft's assertion that Outlook Express
rather than IE7 was the problem.
"This may be true - from an organisational point of view within
Microsoft. However, the vulnerability is fully exploitable via IE,
which is the primary attack vector, if not the only attack vector,"
said Kristensen.
"Just because a vulnerability stems from an underlying component does
not relieve IE or any other piece of software from responsibility when
it provides a clear direct vector to the vulnerable
component."
LATEST HEADLINES FROM YOUR IT
