Oct 19 2006
IE7 is more secure?
Less than 24 hours after the launch of Internet Explorer 7, security researchers are poking holes in the new browser.
Danish security company Secunia ApS reported Thursday that IE7 contains an information disclosure vulnerability, the same one it reported in IE6 in April. The vulnerability affects the final version of IE7 running on Windows XP with Service Pack 2.
If a surfer uses IE7 to visit a maliciously crafted Web site, that site could exploit the security flaw to read information from a separate, secure site to which the surfer is logged in. That could enable an attacker to read banking details, or messages from a Web-mail account, said Thomas Kristensen, Secunia’s chief technology officer.
“A phishing attack would be a good place to exploit this,” he said.
Wow… That didn’t take long. Ironic how this is one is something that’s already been patched. Very similar to the way that various errors in the TCP stack that were fixed years ago re-appeared in the new virginal stack included with Windows Vista.
Oh well… So much for all that much ballyhooed security. The lesson learned is that Microsoft has learned no lesson.
Technorati Tags: microsoft, ie7, internet explorer, internet explorer 7
October 19th, 2006 at 10:29 pm
Read the IEBlog.. it’s not an actual IE7 vulnerability, but a vulnerability in a Outlook Express component (the vulnerability works in IE6, too.) They’re working on it.
October 19th, 2006 at 10:43 pm
Since April?
March 23rd, 2007 at 3:19 pm
insignificant thoughts » Blog Archive » IE7 Bug Has Potential to Cause Lots Of Crap
[...] So Nick told me in the comments of one of my posts to read the IE Blog when I noted the discovery in the nowhere-near-old version of IE 7 of a pretty serious bug. I didn’t need to go far, though, to find out that the bug isn’t one in Outlook Express, as most seem to be insinuating, but a more serious bug that possibly runs a lot deeper. [...]