TELECOM Digest OnLine - Sorted: First IE 7 Security Flaw Already Found!

First IE 7 Security Flaw Already Found!

Peter Sayer, IDG (idg@telecom-digest.org)
Thu, 19 Oct 2006 13:15:01 -0500

Review Index Sorted By: [ date ][ thread ][ subject ][ author ]
Next message: USTelecom dailyLead: "Verizon to Spin Off Directories Business"
Previous message: Daisuke Wakabayashi: "Microsoft Releases Explorer 7"
TELECOM Digest: Home Page

by Peter Sayer, IDG News Service

Less than 24 hours after the launch of Internet Explorer 7, security
researchers are poking holes in the new browser.

Danish security company Secunia reported today that IE7 contains an
information disclosure vulnerability, the same one it reported in IE6
in April. The vulnerability affects the final version of IE7 running
on Windows XP with Service Pack 2.

If a surfer uses IE7 to visit a maliciously crafted Web site, that
site could exploit the security flaw to read information from a
separate, secure site to which the surfer is logged in. That could
enable an attacker to read banking details, or messages from a
Web-mail account, said Thomas Kristensen, Secunia's chief technology
officer.

"A phishing attack would be a good place to exploit this," he said.

One of the security features Microsoft touts for the new browser is
the protection it offers users from phishing attacks.

Flaw Not Easy to Exploit

Secunia rates the security flaw as "less critical," its second-lowest
rating, and suggests disabling active scripting support to protect the
computer. The flaw could result in the exposure of sensitive
information and can be exploited by a remote system, Secunia said in a
security advisory posted on its Web site.

It is hard to exploit the flaw because it requires the attacker to lure
someone to a malicious site, and for the attacker to know what other
secure site the visitor might simultaneously have open, Kristensen said.

"A quick user browsing through our Web site using IE7 found it failed
one of our tests," he said.

The company then verified the information, notified Microsoft and
published a proof-of-concept exploit on its Web site.

Copyright 2006 PC World Communications, Inc.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more tech news and headlines each day, please go to:
http://telecom-digest.org/td-extra/technews.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: USTelecom dailyLead: "Verizon to Spin Off Directories Business"
Go to Previous message: Daisuke Wakabayashi: "Microsoft Releases Explorer 7"

TELECOM Digest: Home Page

Post Followup Article	Use your browser's quoting feature to quote article into reply
Go to Next message: USTelecom dailyLead: "Verizon to Spin Off Directories Business"
Go to Previous message: Daisuke Wakabayashi: "Microsoft Releases Explorer 7"
TELECOM Digest: Home Page