| |
 |
| |     | 
Admin
Registered Member
 | Joined Mar 2006
Total Posts : 23 |         | Posted Thursday, April 12, 2007 - 8:08:54 AM (GMT -4) |    | The "First Security Hole" in IE 7
Much was made about the "first vulnerability" that was supposedly found in IE 7. There is in fact a vulnerability, but it's also one that's present in IE 5 and 6, which Microsoft has never corrected, although it's easy for you to work around it.
Denmark-based security firm Secunia reported on Oct. 19 that malicious Web sites could grab data from other sites that had IE 7 windows open. For example, if you happened to be logged in to your online banking application and concurrently visited a hacker site, the bad site could see information from your banking site.
Microsoft developers poo-pooed the weakness, saying in an Oct. 19 blog post that the problem actually exists in an Outlook Express component, not a part of IE 7.
I've examined this claim and find that IE 7 does have a real problem, regardless of whether the code being exploited is considered a part of Outlook Express. In addition, the SANS Internet Storm Center confirmed on Oct. 20 that IE 7 is vulnerable.
Secunia has posted a harmless browser test page that you can use to test your own copy of IE, and I urge you to do so. The firm also provides a description of the problem in two separate advisories: one for IE 7 and the other for IE 5 and 6. | | | |
| Forum Information | All times shown are (GMT -4)
The date/time now is Friday, September 10, 2010 10:58:00 AM
There are a total of 42 posts in 15 threads.
The newest member is GreenBean who joined on 1/21/2010. | Who's Online Now :
1 Guest, 0 Registered members
|
|
|
Internet Explorer Arbitrary Content Disclosure