[LINK] Internet Explorer 7: Less then 24 hours passed an a vulnerability is found
kim at holburn.net
Fri Oct 20 08:59:03 AEST 2006
And a six month old vulnerability no less:
> Secunia has confirmed the vulnerability on a fully patched system
> with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other
> versions may also be affected.
> An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the
> half-year old information disclosure vulnerability which allows
> malicious sites to sneak on the content of other sites which hasn't
> been patched in the brand new IE7 release."
> The vulnerability is caused due to an error in the handling of
> redirections for URLs with the "mhtml:" URI handler. This can be
> exploited to access documents served from another web site, the
> firm notes,
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the Link