http://www.theinquirer.net/default.aspx?article=35210 By INQUIRER newsdesk 19 October 2006 INSECURITY FIRM Secunia, has already found an insecurity in newly unleashed IE7 The vulnerability can be exploited to disclose potentially sensitive information the firm says, though it gives it just two out of five on its criticality meter. An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the half-year old information disclosure vulnerability which allows malicious sites to sneak on the content of other sites which hasn't been patched in the brand new IE7 release." The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site, the firm notes, here.,[1] The firm posted an online demonstration, of the vulnerability here [2]. [1] http://secunia.com/advisories/22477/ [2] http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/ _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Oct 19 2006 - 03:39:09 PDT