IE7 - First Day

[Zeus_Hunt]

Microsoft has failed to respond in any manner to the security company Secunia, which claims that it has discovered a vulnerability in Internet Explorer 7 in the very same day the browser was launched. Well, it couldn't have been a smooth debut for IE7, as it certainly won't be a smooth ride, but this is a case of the proverbial starting on the wrong foot.

“The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site. Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected,” revealed Secunia.

Secunia is also making available a test accessible via this link.

For a failed test, Secunia displays the following message: “Your browser is vulnerable! The test retrieved content from news.google.com in the context of your browser. This actually means that if you were logged into your bank account, any web site you are visiting would be able to retrieve confidential data from your bank. This could also be used to retrieve personal settings entered on sites like eBay or Paypal.”

View: Original Article

[Zeus_Hunt]

Checked the link

I got this with IE6

But this made me smile

Wonder which browser that would be :D

[ranji]

I don't believe this just checked the link on IE 7 and guess what

same Image

And it says "Your browser is vulnerable! The test retrieved content from news.google.com in the context of your browser.

This actually means that if you were logged into your bank account, any web site you are visiting would be able to retrieve confidential data from your bank. This could also be used to retrieve personal settings entered on sites like eBay or Paypal."

I'm glad that I had downloaded FF2.0 RC3

[Zeus_Hunt]

Now according to Christopher Budd (SECURITY PROGRAM MANAGER) in his Blog ....

These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

[ROMANTICGUY50]

Now according to Christopher Budd (SECURITY PROGRAM MANAGER) in his Blog ....

These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

Yeah I tried it on IE and it came back like u all said. Glad I use FireFox

[dMog]

i think it is an outlook express problem so get ALL the current updates if you use IE...or.... stick to firefox and opera

[Guest WuDiLanJieLang]

totally agreed :o

ie7 are crap :sneaky:

[Guest Stormrage]

Well i also think that the problem is in Outlook not IE7, because, i use a slipstreamed version of xp, and since i hate Outlook i removed Outlook Express from the setup disc with N-Lite.

My Internet Explorer 7 passes the test.

So, i reckon it isnt in the IE7, that the problem lies. It is just the crappy Outlook.