First IE7 Vulnerability Discovered

Not even out 24 hours yet and a new vulnerability is discovered in IE7, it was discovered by Secunia and released today. It involves the handling of redirections for URLs with the “mhtml:” URI handler.

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.

Secunia has constructed a test, which is available at:
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

The solution they have listed is to disable active scripting support, and since there is now patch yet, if you use the test link they created above and find yourself vulnerable, you may want to consider disabling it until a patch is released.

Added: Saw this post on ha.ckers.org that says it allows anyone with control over a webserver to control anything you do with any page you can connect to.

This is some of the worst ownage I?ve seen in a long time. Secunia announced a really nasty cross domain leak for Internet Explorer. This allows anyone with control over a webserver to control anything you do with any page you can connect to. It?s interesting that Secunia marked it as a ?less critical? threat, as this pretty much gives any attacker read access to any domain anywhere as long as you are using Internet Explorer 6.0 or 7.0.

The only saving grace here is that it does require access to a server where you can write HTTP headers (or somewhere that you can do header injection/redirection) as you need to force the browser to go to a certain URL which then redirects to another URL.

So, they make it sound like it could be more critical than less critical, hehe. They say it will allow “complete ownage” of the internet for users of Internet Explorer. And three more weeks until the next patch Tuesday. Could be a long month.