New Zero-Day Vulnerability In Windows

Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies states that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."

Re:Seriously, Is Firefox susceptible to this too?

[Shados]

Yes and no. This flaw is specific to XMLHTTP, which is kind of developed independantly. You also can use XMLHTTP without using IE at all, thats why I say its independant. Its probably a buffer overflow, and not much to do about it in this case. So yes IE7 has a flaw, but there really isn't anything they could do in the current context. -HOWEVER-, while IE7 is more secure than IE6 in a million ways, the WinXP version is nothing but a shadow of the real thing. The sandboxed IE7 is on Vista only, and I'm pretty damn sure this vulnerability is not an issue there. Anyway, so its more semantic here, but you could say "yes, IE7 has a vulnerability". however, its a little bit like if there was a vulnerability in KDELIB across the board...obviously that would touch Konqueror, no matter how secure Konquerer itself is... Can't excuse that one though. IE7 on XP is far, far from secure. More secure, but not secure.