Vulnerability discovered in Microsoft's IE7
Bug found, but difficult to exploit
20 October 2006 12:20 GMT / By Amber Maitland
Security analysts are working overtime on Internet Explorer 7, released by Microsoft this week for download. Secunia, a Danish security firm, has already found a bug that could give hackers access to sensitive information.
The flaw theoretically allows hackers to steal user information as they type it in, like passwords and login details. However, in order for it to be exploited, the target has to have a window open to the malicious site from the hacker, and type login details in to another window.
Secunia has rated the flaw “less critical”. An advisory on the website says “The vulnerability is caused due to an error in the handline of redirections for URLs with the 'mhtml:' URI handler. This can be exploited to access documents served from another website”.
Secunia apprently found the same flaw in IE6, but it remains unpatched, so it would seem the Microsoft doesn't regard the bug as a serious threaten.
PHONES
Nokia N900 mobile phone Will this revive Nokia's fortunes?
PHONES
PHOTOS: First ELSE hands-on Up close and personal
AUDIO
Vodafone Pocket-lint Gadget Awards date confirmed and tickets on sale Get your tickets today




Comments