Vulnerability discovered in Microsoft's IE7

Bug found, but difficult to exploit


20 October 2006 12:20 GMT / By Amber Maitland

Security analysts are working overtime on Internet Explorer 7, released by Microsoft this week for download. Secunia, a Danish security firm, has already found a bug that could give hackers access to sensitive information.

The flaw theoretically allows hackers to steal user information as they type it in, like passwords and login details. However, in order for it to be exploited, the target has to have a window open to the malicious site from the hacker, and type login details in to another window.

Secunia has rated the flaw “less critical”. An advisory on the website says “The vulnerability is caused due to an error in the handline of redirections for URLs with the 'mhtml:' URI handler. This can be exploited to access documents served from another website”.

Secunia apprently found the same flaw in IE6, but it remains unpatched, so it would seem the Microsoft doesn't regard the bug as a serious threaten.
Related
Full tags
Software, PC software, Browsers, Microsoft, Viruses And Malware, Internet Explorer

share print story pdf email story

Recommended articles

Search

Loading

Best iPad 2 apps

We detail the best iPad 2 and iPad apps in the app store Which iPad app should you download?

Windows 8

All the features and details of the new Microsoft operating system explained What's new in Windows 8?

iPad 3 rumours

What comes next? We look at the possible features, leaks, images, specs and more

Pocket-lint poll

Q. Will you be buying a PS Vita?

Vote YES Vote NO

» LAST TIME
When asked Will Samsung be making a mistake if the Galaxy S III isn't shown at Mobile World Congress in February? 51% said yes and 49% said no