Slashdot Mirror


IE7 Vulnerability Discovered

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

77 of 386 comments

  1. two words by doti · · Score: 5, Funny

    ha ha

    --
    factor 966971: 966971
    1. Re:two words by parodyca · · Score: 5, Funny

      but that was only one word..... twice

    2. Re:two words by AKAImBatman · · Score: 5, Funny

      One word: Brillant!

    3. Re:two words by Anonymous Coward · · Score: 2, Informative

      you can't think of all those details when rushing for a first post

    4. Re:two words by knightmad · · Score: 5, Funny

      If you are going to do it, at least do it right:

      ha ha

    5. Re:two words by tsjaikdus · · Score: 3, Funny

      What a relief they've found the bug. OK, now it's safe to use.

    6. Re:two words by OakDragon · · Score: 2, Informative

      Interesting... but I always think of this when I hear "ha ha."

    7. Re:two words by l_bratch · · Score: 4, Informative

      Not an issue - domains actually have a dot at the end, in the format, e.g.:

      blabla.tld.

      http://www.google.com/
      http://www.google.com./

      Both work.

    8. Re:two words by PhrostyMcByte · · Score: 4, Insightful

      How much you want to bet this guy found the vuln weeks ago, but held off on releasing it so he could brag that he discovered the first IE7 vuln, and it only took him less than 24hr!

    9. Re:two words by PylonHead · · Score: 4, Insightful

      Yes, you're right.. it is traditional when releasing a new version of software to THROW OUT ALL YOUR CODE AND START OVER FROM SCRATCH.

      I love it when people in the cake decorating industry post to slash dot.

      --
      # (/.);;
      - : float -> float -> float =
  2. Re:Firefox by bagboy · · Score: 4, Funny

    What was wrong with gopher???

  3. IE7 Vulnerability Discovered by Rik+Sweeney · · Score: 4, Funny

    In a very motherly voice:

    Oh Microsoft, what are we going to do with you, eh?

    1. Re:IE7 Vulnerability Discovered by Rohan427 · · Score: 3, Funny

      Format C:. Install any other OS.

      PGA

    2. Re:IE7 Vulnerability Discovered by Mattmgm · · Score: 2, Funny

      obligatory Aliens ref:

      But the only way to be sure is to nuke it from orbit. It's the only way to be (mostly) sure...

  4. Browsers are just too complex by cliffski · · Score: 5, Insightful

    That's the root of the problem. I'd wager 90% of the functionality for browsers is only used by 5% of end users. Granted, a lot of stuff is demanded by web developers who want fancy this, animated that, and sliding and fading the other, but to be honest, most of us don't need any of that junk.
    As end users, how much of browser bloat do we really need?
    I think there was a Slashdot story asking for feature requests for Firefox recently. My main request is this, please:

    less of everything

    It's already at the case where I'm starting to notice how long it takes Firefox to start. Sometimes more features does not mean better. It's like anything: cars, mobile phones, TVs, they all have major feature bloat.
    I found it actually impossible to buy a new mobile *without* internet access. It's insane. I remember when you didn't have an animated 'startup' screen for your phone, because the damned things just switched on.

    Feature bloat -> just say no :D

    --
    DRM-free indie games for the PC and Mac: Positech Games
    1. Re:Browsers are just too complex by Goaway · · Score: 5, Funny

      Here's your porch, here's your chair, and here's your lawn. Now repeat after me, "DAMN KIDS! GET OFFA MY LAWN!"

    2. Re:Browsers are just too complex by truthsearch · · Score: 2, Interesting
      The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.


      The only reference I could find to an mhtml URI through google (which isn't a vulnerability report) is for HTML email. I've generated multi-part MIME email content and never once came across this type of URI. So if someone could elaborate on why this feature even exists it would be helpful.
    3. Re:Browsers are just too complex by hey! · · Score: 4, Interesting

      That's the root of the problem. I'd wager 90% of the functionality for browsers is only used by 5% of end users.

      I don't think this is the case, because for the most part users don't choose which browser features they use; web sites do that for them.

      However, I think the web development model is far too complex, which both causes site developers to create security holes in their applications, and creates many places for security holes to exist in the browser itself.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    4. Re:Browsers are just too complex by acvh · · Score: 4, Insightful

      While I agree with your No Bloat argument, you neglected an oft overlooked reason that IE contains all these "features", and it's not web developers. It's application developers. There are a slew of vertical market applications that many small to midsize companies are using, where the developer has dropped, or maybe never had, its own user interface, in favor of using IE and ActiveX controls. Insurance brokerages, medical practices, law firms and more, all of them have large, commercial, expensive applications available to them for running their businesses, and many of them are IE based. IE in these cases is just the front end to data stores running on everything from SQL Server on Intel to AIX on Power to whatever. Many times with no Internet connectivity at all.

      MSFT can't just disable, drop or change these features, because doing so could break an entire business. So they just pile up more and more code into an already chaotic program.

    5. Re:Browsers are just too complex by aadvancedGIR · · Score: 2, Interesting

      If only it was only unused stuff, it wouldn't be that bad.
      I recently visited the website of a car manufacturer which was full of (I don't want to know which one) cool things to replace the HTML and no kidding (I used my watch), I had between 80 and 200s between the moment I pushed a button and the expected effect (and yes, I was under up-to-date XP/IE6 with a perfectly working 11Mb/s line and it was not at a moment they should be expecting much traffic). The site was of course really nice looking, but it could have been done with just a little JS and Flash.

      It gives me the impression that some web developers just want to steal some money selling useless trendy stuff to their clients and then extort the fix (rollback).

    6. Re:Browsers are just too complex by AKAImBatman · · Score: 5, Insightful
      That's the root of the problem. I'd wager 90% of the functionality for browsers is only used by 5% of end users.

      You would lose that wager. 80%+ of the technology that makes web browsers tick is required just to show you a blasted web page. The standardized APIs allow a good way for JavaScript to then make those pages interactive. Not too many sites are JavaScript-free these days.

      What I think you're trying to say, is that features above and beyond the W3C standards are:

      1. Not useful
      2. Poor attempts at lockin
      3. Dangerous

      If Microsoft would just stick to the bloody standards, we'd all be better off. Unfortunately, they're still in 1995 mode, trying to beat Netscape at their own propertization game. It wouldn't surprise me if the requests for DOM 2 Events support were STILL ignored in this "final" release of IE7. *grumble* And Microsoft thinks developers will like them because of this?
    7. Re:Browsers are just too complex by jazman_777 · · Score: 2, Funny
      a slimmed down version of Firefox


      We could call it "Phoenix."

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    8. Re:Browsers are just too complex by cliffski · · Score: 3, Insightful

      Hang on, my dad has a Razor phone, that's exactly the kind of thing I didn't want. That's bloatware extreme. I don't want web access, or even the option for it, or the buttons for it, or anything. Not a camera, not a microphone, nada. Zip.
      I just want a phone. To make and receive calls. I don't even text.

      I know, I know, I'm old.

      --
      DRM-free indie games for the PC and Mac: Positech Games
    9. Re:Browsers are just too complex by zcat_NZ · · Score: 2, Informative

      Or perhaps we could have the best of both worlds; plain text markup which makes web design and debugging easier, and some way that the server and browser can agree to deliver the content in a compressed stream.

      Like this: http://www.websiteoptimization.com/speed/tweak/compress/

      --
      455fe10422ca29c4933f95052b792ab2
  5. Old exploit by Iphtashu+Fitz · · Score: 4, Informative

    This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

    1. Re:Old exploit by otacon · · Score: 2, Insightful

      That is all the more reason to be concerned about it. If the flaw was known in IE6 then why in the world wouldn't it have been addressed in IE7, I mean they've been working on it for half the decade for crying out loud.

      --
      In a world of acronyms, the words are the real victims.
    2. Re:Old exploit by kfg · · Score: 3, Funny

      So, what you're saying is that Bill's dog ate the patch?

      KFG

    3. Re:Old exploit by abaddononion · · Score: 5, Interesting
      This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

      To me, at least, that's kind of the point. I mean, this is an old old IE6 bug, that M$ has known about for a certainly reasonable amount of time. Yet, they still haven't fixed it. And not to say it's a big deal that they haven't fixed it in IE6 yet. It's not like it's a Critical Priority bug (no pirates can steal Windows or MP3s because of it). But the point is, they did their whole "We heard you" campaign, and claimed IE7 was going to be this great new secure landscape... and they didn't even clean up the old IE6 bugs they KNEW about? I mean, seriously, at this point are we supposed to believe that they're even trying?
    4. Re:Old exploit by Overly+Critical+Guy · · Score: 5, Insightful

      Well, you could argue that it was quickly discovered to still exist in IE7. Interestingly, this vulnerability contradicts claims that IE7 is a rewrite. Clearly, it is not.

      --
      "Sufferin' succotash."
  6. Misunderstanding by MrSquishy · · Score: 5, Funny

    Maybe the line should read "You wanted it easier AND more secure?".

    1. Re:Misunderstanding by Adelbert · · Score: 2, Funny

      "Works on contingency? No, money down!"

  7. Re:This is news??? by smooth+wombat · · Score: 3, Informative
    Next time a bug is found in FF, I'm going to contact the media and scream bloody murder.


    It's already been done and found to be a hoax.

    Anything else you want to complain about?

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  8. Let's be fair by Lars+T. · · Score: 5, Informative

    The same problem has been known in IE 6 since April 2006

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    1. Re:Let's be fair by Overly+Critical+Guy · · Score: 4, Insightful

      That makes it worse. Not only is IE7 not a "rewrite" as some claimed, but it doesn't fix known vulnerabilities in its previous version. At least if it was new code, you could understand and expect an unknown vulnerability.

      --
      "Sufferin' succotash."
    2. Re:Let's be fair by poulbailey · · Score: 2, Insightful
      Not only is IE7 not a "rewrite" as some claimed
      That's the second time you've said this. Who exactly claimed IE7 was a rewrite? Microsoft or the voices in your head?
    3. Re:Let's be fair by Overly+Critical+Guy · · Score: 3, Informative

      All right, here's just one result from Google: "fundamental rewrite"

      --
      "Sufferin' succotash."
  9. Not much of a surprise by Salvance · · Score: 2, Insightful

    This shouldn't be too much of a surprise ... how many software products are 100% bug free when released, particularly Microsoft's? Anyone who downloads or buys any software within the first few weeks is just asking for it ... and anyone who buys a Microsoft product within the first year is bound to have issues, whether security breaches or just annoying bugs.

    --
    Crack - Free with every butt and set of boobs
  10. News? by Treacharous · · Score: 3, Funny

    Doesn't everyone use firefox anyway?

  11. Vista RC2 by jkl6648 · · Score: 2, Interesting

    I just ran the exploit test using IE7 under Vista RC2, and it came back and said that my browser "does not appear to be vulnerable to this particular exploit", so is this just an IE7 under XP issue?

    1. Re:Vista RC2 by Chosen+Reject · · Score: 2, Insightful

      So an old vulnerability that was already known in IE6 shows up in IE7 and we're not supposed to be worried? There is this concept called credibility. It relates to someone's trustability. Not that Microsoft had a lot of it before, but when their newfangled browser that is so much more secure still contains a vulnerability from 6 months ago, IE7 starts with a default of ZERO credibility.

      --
      Stop Global Warming!
      Just say no to irreversible processes!
  12. Active Scripting by DoomfrogBW · · Score: 2, Insightful

    This has been a problem in Internet Explorer for a while (IE 6 and prior versions). Most people turn off Active Scripting because of the vulnerabilities. You can disable it and have "trusted" sites for those sites which you want to enable active scripting like http://windowsupdate.microsoft.com./

  13. Re:Firefox by QBasicer · · Score: 2, Insightful

    We get a quarter, actually. Obviously people are going to defend what they like. I like Firefox, although I never used to. I used to hate Mozilla, Netscape and family. I used Opera for a while, but I just don't like IE. I'm sure the day is soon coming when FireFox will have exploit after exploit.

    --
    x86, oh yes, I'm pro.
  14. Come on by critter_hunter · · Score: 3, Informative

    It's a "Less critical" vulnerability - not really dangerous at all. Firefox still has equally important unpatched "vulnerabilities" - some of which date back to 2004. Retards.

    --
    Karma: Could be worse (could be raining)
    1. Re:Come on by truthsearch · · Score: 4, Informative

      This IE hole requires no user interaction. Unlike the Firefox bugs he links to, a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptible, too. So the Firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.

  15. Re:This is news??? by shadowmas · · Score: 3, Insightful

    The problem isn't so much as not having bugs in FF but the fact that MS is trying to make it look like the new IE is revolutionary and more secure than FF.

  16. Yawn. by Honest+Olaf · · Score: 5, Funny

    Stretch. Scratch.

    Oh, an IE vulnerability? That's cool man.

    Hey, anyone want to get some lunch?

  17. Re:Firefox by Anonymous Coward · · Score: 5, Interesting

    Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff).

    This is a new report of an old vulnerability which isn't serious. The fact that it's been released "not 24 hours" after IE 7 was released is, I would think, because someone decided to release it to coincide with the launch.

  18. IE7 maybe not vulnerable? by jrsp · · Score: 5, Informative

    IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...

    Not an MS fan, but truth and accuracy are always good.

    1. Re:IE7 maybe not vulnerable? by truthsearch · · Score: 3, Informative
      Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

      http://secunia.com/advisories/22477/
  19. Re:Firefox by towsonu2003 · · Score: 2, Interesting

    and your reference is? (link to the bug report)

  20. Helllloo? by thepotoo · · Score: 5, Insightful
    Last time I checked, Firefox was open source. You are more than welcome to fork the project and make a "lite" version. I would probably give it a try.

    But, don't forget that if you strip away too much, you'll end up with Lynx. Some people like at least images and css, you know?

    --
    Obligatory Soundbite Catchphrase
  21. FYP by tygerstripes · · Score: 2, Insightful
    I would not trust IE unless it is rewritten from scratch.
    ...by someone else.
    --
    Meta will eat itself
  22. Re:Firefox by diersing · · Score: 2, Insightful

    And if you were honest you wouldn't be hiding behind the AC label.

  23. Re:Firefox by bozendoka · · Score: 3, Funny

    I agree completely. Heaven knows there weren't any fanboys on Slashdot before Firefox.

    Ah, those were the days... rational discourse, on topic discussions, no spelling errors...Why, I remember one time, I said that I thought that Gentoo could be a little easier to install, and nobody modded me down. Dammit, I promised myself I wasn't going to cry!

    --
    "You will soon be more aware of your growing awareness." - My first recursive fortune cookie!
  24. Re:Firefox by Robber+Baron · · Score: 2, Funny

    I use lynx to surf pr0n!

    --

    You're using her as bait, Master!

  25. Lynx vs. links. Security? Standards? Usability? by abaddononion · · Score: 2, Funny

    Let the CLI-browser flame-wars begin!

    1. Re:Lynx vs. links. Security? Standards? Usability? by rk · · Score: 4, Funny

      Links? Lynx? You're all wimps.

      I posted this by hand using "telnet slashdot.org 80".

    2. Re:Lynx vs. links. Security? Standards? Usability? by aymanh · · Score: 4, Funny

      You need a computer program to post? How amateurish! I'm posting this by waving a magnet next to a phone cable ;)

      --
      python>>> q="'";s='q="%c";s=%c%s%c;print s%%(q,q,s,q)';print s%(q,q,s,q)
  26. Re:Firefox by GuidoW · · Score: 4, Informative

    Excuse, but where did you read that FF has that exact same vulnerability?

    Also, even though FF does have issues, I believe you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed. (According to heise on http://www.heise-security.co.uk/news/79745 this is actually an old bug that also affects IE 6)

    --
    If it's so secret, then how come I've never heard of it?
  27. There will always be issues by Programmer_In_Traini · · Score: 3, Insightful

    People will always find something. When you've got hundreds of thousands of people checking your software for whatever issue they can find, odds are that they WILL find something. Just because it's fun to bash MS doesn't mean it's feasible to create software with zero vulnerabilities; that's impossible, new vulnerabilities are created each week.

    I mind IE's security much less than IE's compliance with W3 standards. Now THAT is annoying. Constantly having to create two versions of your code: one for the compliant browsers and then one for IE.

    For some reason, the suits at MS think that because lots of people use their software they have a moral obligation to tell people what the standards should be. Ok...I know IE7 is not as bad... but it's still bad :-)

    --
    If you look like your passport photo, you're too ill to travel. - Will Kommen
  28. Re:"Suprise, Suprise, Suprise" -- Gomer Pyle. by chrismcdirty · · Score: 2, Insightful

    I like how Firefox originally started as the slimmer, less resource-intensive version of Mozilla. And look where it is now.

    --
    It's like sex, except I'm having it!
  29. FireTroll or TrollFox... nope, just a good idea by h2g2bob · · Score: 2, Informative

    It's a little harsh to call that a troll.

    It's a serious point. You could make a lite version. Lots of people would give it a try, me included. And there have already been forks of Firefox, like IceWeasel and Tor Park.

    If it were talking about forking IE, it should be labeled "joke". As it's talking about Open Source stuff, it should be "insightful".

  30. Not poor programmers? by www.sorehands.com · · Score: 2, Insightful

    These days it seems as though many programmers don't know assembler. They don't know what it is to program with limited amounts of memory and how to write tight and fast code. Part of it may be marketing checklists, but some of it is ignorance and laziness.

  31. Brillant Link. by Bake · · Score: 3, Informative

    Took me all of 3 seconds Googling for "brillant site:thedailywtf.com".

    Paula's Brillant Bean:

    http://thedailywtf.com/forums/40043/ShowPost.aspx

  32. Eh? by Fallen+Mongoose · · Score: 2, Funny

    I guess it's a Canadian mother.

  33. Re:Firefox by morgan_greywolf · · Score: 3, Funny
    I don't see what this "web technology" can do that a newspaper can't.


    Video pr0n.
  34. Using Vista RC1 by Utopia · · Score: 4, Interesting

    The Secunia test says I am not vulnerable with Vista RC1

    Vista RC1 was released almost a month ago.
    So I am surprised this new XP IE7 build still exhibits this issue.

    Looking at the source, I suspect this is not an IE issue at all, instead this is an MSXML issue.
    Vista has a newer version of MSXML.
    XP IE7 seems to be using the older version.

  35. Re:Firefox by gkhan1 · · Score: 2, Insightful

    He has made 291 comments in the past. He has a number of fans and a number of freaks. He has made comments that some people like and some people don't like, and no matter what he stands for it, by using his account. You're a coward because you make trollish comments and don't have the balls to stand for what you say. You're worried that some people might use your comments against you in a future discussion, or you're worried that this might harm your karma.

    The difference? He's a man that's not afraid to stand by what he said, you're a small boy that runs around and creates a mess and then blames someone else. If you have any sort of backbone and not a spine made of jello, you should reveal your username. No? I figured you wouldn't.

  36. Doesn't work on Vista by DigitlDud · · Score: 2, Informative

    The exploit fails running on IE7 in Vista with protected mode.

  37. So much for "more secure"? by Trillan · · Score: 4, Funny

    Dude, 24 hours is more secure for Internet Explorer.

  38. Re:Memory leaks by bunratty · · Score: 2, Informative
    MS has neglected several areas, one being the whole JavaScript area where IE still leaks memory like a sieve.
    That's no problem. See, Microsoft wrote this real nice article explaining how we can change all the JavaScript code on the web to work around its leaks. Get to work web developers!
    --
    What a fool believes, he sees, no wise man has the power to reason away.
  39. Which version? by Greyzone · · Score: 2, Informative

    I just tested Firefox 1.5.0.7 and it is not vulnerable.

    So just what version are you discussing here?

  40. Re:Firefox by orgelspieler · · Score: 2, Funny

    that, too, can be done in print, thanks to the magic of flipbooks.

  41. What about that IE7 registry key to block setup? by HalfOfOne · · Score: 2, Informative

    Anyone else notice that the registry key that was touted as preventing the IE7 upgrade doesn't do jack?

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\7.0]
    "DoNotAllowIE70"=dword:00000001

    I had thought it would categorically deny even the downloaded setup file, not just setups that were (eventually) launched from inside WindowsUpdate.

  42. Its not true by Ultragames · · Score: 3, Insightful

    Here is the line of code they use to get the source of the said 3rd party page:

    request.open('GET', 'http://secu'+'nia.com/ie_redir_test_1/?' + Math.random(), true);

    Here is why this 'bug' does not do what they say it does: The browser does not allow AJAX style connections to any domain outside of the one you are currently on. To 'get around this' Secunia has connected to a page on their server which then goes and gets the code. Probably using a readfile command.

    Here is why this is NOT a browser bug: The page that they are calling is on their server, which means that it does not have your cookies or your session data. The server page that they are opening can only view the page from the standpoint of a not-logged-in user. This isn't a new trick that Secunia just invented; it is used quite often to get data from other websites. But the only way to log into another website in this manner is to have the server side page open a socket into that 3rd party page. This cannot be done, again, because their server does not have your cookie data. This is not a browser bug.

    1. Re:Its not true by julesh · · Score: 2, Informative

      That's not actually what they're doing. Try connecting to that address. Here's what you get:

      Trying 213.150.41.226...
      Connected to secunia.com.
      Escape character is '^]'.
      GET /ie_redir_test_1 HTTP/1.1
      Host: www.secunia.com
      Connection: close

      HTTP/1.1 302 Found
      Date: Thu, 19 Oct 2006 19:30:39 GMT
      Server: Apache
      location: http://secunia.com/ie_redir_test_1
      Connection: close
      Transfer-Encoding: chunked
      Content-Type: text/html

      0

      They're sending an HTTP redirect, and the browser's following it. It will then send the cookies for the redirected URL to the server, and the server will return data expecting it to go into its own security context. This does allow data stealing.
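
The redirect handling discussed in the two comments above, as an added example that is not part of the original thread and is not Internet Explorer's or Secunia's code: a simulated script-initiated GET that re-checks scheme and origin on every redirect hop before any request is sent. The hostnames, the `responses` table and the function name `scriptedGet` are constructed for illustration.

```javascript
// Constructed example: same-origin enforcement across HTTP redirects for a
// script-initiated request. Hosts, paths and bodies below are made up.

// Simulated server responses, keyed by absolute URL.
const responses = {
  'http://app.example.test/data': { status: 200, body: 'public data' },
  'http://app.example.test/moved': { status: 302, location: '/data' },
  'http://app.example.test/redir': {
    status: 302, location: 'http://bank.example.test/account' },
  'http://app.example.test/handler': {
    status: 302, location: 'mhtml:http://bank.example.test/account' },
  'http://bank.example.test/account': {
    status: 200, body: 'balance for the logged-in user' },
};

// Follow redirects on behalf of a script running on pageUrl. The scheme and
// origin checks run BEFORE each hop is requested, so a redirect can never
// cause a credentialed request to another site whose body the page then reads.
function scriptedGet(pageUrl, requestUrl, maxHops = 5) {
  const pageOrigin = new URL(pageUrl).origin;
  let current = new URL(requestUrl, pageUrl);

  for (let hop = 0; hop <= maxHops; hop++) {
    // Only plain web schemes; wrapper schemes such as "mhtml:" are refused.
    if (current.protocol !== 'http:' && current.protocol !== 'https:') {
      return { ok: false, hops: hop,
               reason: `scheme ${current.protocol} not allowed` };
    }
    // The check applies to every hop, not just the URL the script asked for.
    if (current.origin !== pageOrigin) {
      return { ok: false, hops: hop,
               reason: `cross-origin hop to ${current.origin}` };
    }

    const res = responses[current.href];
    if (!res) {
      return { ok: false, hops: hop, reason: 'no such resource' };
    }
    if (res.status >= 300 && res.status < 400 && res.location) {
      // Location may be relative; resolve it against the current URL.
      current = new URL(res.location, current);
      continue;
    }
    return { ok: true, hops: hop, body: res.body };
  }
  return { ok: false, hops: maxHops, reason: 'too many redirects' };
}

// Demo run against the constructed table.
const page = 'http://app.example.test/index.html';
for (const target of ['/data', '/moved', '/redir', '/handler']) {
  console.log(target, JSON.stringify(scriptedGet(page, target)));
}
```
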

  43. Re:Firefox by notnAP · · Score: 2, Funny

    You ever try to operate a flip book with one hand?