[LINK] Internet Explorer 7: Less then 24 hours passed an a vulnerability is found

Kim Holburn kim at holburn.net
Fri Oct 20 08:59:03 AEST 2006

And a six month old vulnerability no less:


> Secunia has confirmed the vulnerability on a fully patched system  
> with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other  
> versions may also be affected.


> An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the  
> half-year old information disclosure vulnerability which allows  
> malicious sites to sneak on the content of other sites which hasn't  
> been patched in the brand new IE7 release."
> The vulnerability is caused due to an error in the handling of  
> redirections for URLs with the "mhtml:" URI handler. This can be  
> exploited to access documents served from another web site, the  
> firm notes,

Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/ 

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the Link mailing list