Microsoft has shot back at a report from security firm Secunia claiming that it's analysts have found a flaw in Internet Explorer 7.
A member of the Microsoft Security Response Center, Christopher Budd, has posted a note on the Center's blog to say that the report is inaccurate, as the flaw is in Outlook Express, not IE7. “While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook Express”, he continues.
“While we are aware that the issue has been publicly disclosed, we're not aware of it being used in any attacks against customers. We do have this under investigation and are monitoring the situation closely, and we'll take appropriate action to protect our customers once we've completed the investigation.”
But a Secunia representative told Cnet News.com that, “Just because a vulnerability stems from an underlying component does not relieve IE or any other piece of software from responsibility when it provides a clear direct vector to the vulnerable component”.