Tips Dr.com


Video Tutorials - Second Life - Latest Computer Deals - Tech Jobs - Free Tech Magazines - Security
  • Register
    • For the very latest computer deals, check out the computer deals on twitter!
    « IE7 Has Trouble with Google Websites    Windows XP Service Pack 3 Delayed Again »


    First IE7 Vulnerability Discovered

    Jimmy Daniels - Filed under: IE7, Security

    Not even out 24 hours yet and a new vulnerability is discovered in IE7, it was discovered by Secunia and released today. It involves the handling of redirections for URLs with the “mhtml:” URI handler.

    A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

    The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.

    Secunia has constructed a test, which is available at:
    http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/

    Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

    The solution they have listed is to disable active scripting support, and since there is now patch yet, if you use the test link they created above and find yourself vulnerable, you may want to consider disabling it until a patch is released.

    Added: Saw this post on ha.ckers.org that says it allows anyone with control over a webserver to control anything you do with any page you can connect to.

    This is some of the worst ownage I?ve seen in a long time. Secunia announced a really nasty cross domain leak for Internet Explorer. This allows anyone with control over a webserver to control anything you do with any page you can connect to. It?s interesting that Secunia marked it as a ?less critical? threat, as this pretty much gives any attacker read access to any domain anywhere as long as you are using Internet Explorer 6.0 or 7.0.

    The only saving grace here is that it does require access to a server where you can write HTTP headers (or somewhere that you can do header injection/redirection) as you need to force the browser to go to a certain URL which then redirects to another URL.

    So, they make it sound like it could be more critical than less critical, hehe. They say it will allow “complete ownage” of the internet for users of Internet Explorer. And three more weeks until the next patch Tuesday. Could be a long month.


    1:24 pm |




  • Popular Tags



    • 2 Comments »

    1. [...] By Jimmy Daniels Contributing Writer, RealTechNews [...]

      Pingback by Alice Hill’s Real Tech News - Independent Tech» Blog Archive » First IE7 Vulnerability Discovered — October 19, 2006 @ 2:12 pm

    2. [...] I posted earlier about the first IE7 vulnerability, found by Secunia, well, apparently, its actually a flaw in Outlook Express, from the Microsoft Security Response Center Blog, These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express. [...]

      Pingback by » First IE7 Flaw is Actually Outlook Express Flaw || Tech News and Tips from Tipsdr.com || — October 24, 2006 @ 3:13 am

    RSS feed for comments on this post. | TrackBack URI

    Leave a comment

    XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .

    « IE7 Has Trouble with Google Websites    Windows XP Service Pack 3 Delayed Again »