Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Vulnerability Discovered

Posted by ryuzaki0 on from the that-didn't-take-long dept.

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

11 of 386 comments (clear)

  1. Old exploit by Iphtashu+Fitz · · Score: 4, Informative

    This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

  2. Re:This is news??? by smooth+wombat · · Score: 3, Informative
    Next time a bug is found in FF, I'm going to contact the media and scream bloody murder.


    It's already been done and found to be a hoax.

    Anything else you want to complain about?

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. Let's be fair by Lars+T. · · Score: 5, Informative

    The same problem is known on IE 6 since April 2006

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    1. Re:Let's be fair by Overly+Critical+Guy · · Score: 3, Informative

      All right, here's just one result from Google: "fundamental rewrite"

      --
      "Sufferin' succotash."
  4. Come on by critter_hunter · · Score: 3, Informative

    It's a "Less critical" vulnerability - not really dangerous at all. Firefox still has equally important unpatched "vulnerabilities" - some of which date back to 2004. Retards.

    --
    Karma: Could be worse (could be raining)
    1. Re:Come on by truthsearch · · Score: 4, Informative

      This IE hole requires no user interaction. Unlike the firefox bugs he links to a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptable, too. So the firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.

      --
      Developers: We can use your help.
  5. IE7 maybe not vulnerable? by jrsp · · Score: 5, Informative

    IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...

    Not an MS fan, but truth and accuracy are always good.

    1. Re:IE7 maybe not vulnerable? by truthsearch · · Score: 3, Informative
      Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

      http://secunia.com/advisories/22477/
      --
      Developers: We can use your help.
  6. Re:Firefox by GuidoW · · Score: 4, Informative

    Excuse, but where did you read that FF has that exact same vulnerability?

    Also, even though FF does have issues, I believe you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed. (According to heise on http://www.heise-security.co.uk/news/79745 this is actually an old bug that also affects IE 6)

    --
    If it's so secret, then how come I've never heard of it?
  7. Re:two words by l_bratch · · Score: 4, Informative

    Not an issue - domains actually have a dot at the end, in the format, e.g.:

    blabla.tld.

    http://www.google.com/
    http://www.google.com./

    Both work.

  8. Brillant Link. by Bake · · Score: 3, Informative

    Took me all of 3 seconds Googleing for "brillant site:thedailywtf.com".

    Paula's Brillant Bean:

    http://thedailywtf.com/forums/40043/ShowPost.aspx