Internet Explorer 7 Released!!!!

Status
Not open for further replies.
Less than 24 hours after its final release, Internet Explorer 7 has been found to be vulnerable to an exploit dating back to November 2003, which was discovered affecting IE6 last April. The issue surrounds Microsoft's handling of MIME HTML resources, security company Secunia said in an advisory.

The vulnerability apparently involves a very simple trick where a call to a MIME HTML, or MHTML, resource can trigger the running of an executable file, even with high-level security settings.

An MHTML resource is a "Web archive" of multiple elements, often including media and sometimes (though not preferably) executable files. Through Microsoft browsers, it's addressed as a single resource with the extension .MHT.

A call placed to an .MHT resource is phrased using an old Microsoft two-part convention, where the location of the resource is separated from its identity with an exclamation point, not unlike similar syntaxes in Excel and earlier versions of Visual Basic.

http://www.betanews.com/article/IE7_Final_Vulnerable_to_Old_Exploit/1161275418
 
Does IE7 work on windows 2000 machines?
I dont see why it wouldnt but cant find any information about that on the FAQ page
 
On Wednesday, as BetaNews reported, security services vendor Secunia stated that a long-standing, unpatched MHTML redirection exploit, found to affect Internet Explorer 6.0 as early as November 2003, affects the final release version of IE7. Yesterday, Microsoft security team member Christopher Budd responded to that claim by saying the exploit in question actually affects Outlook Express, even though IE7 may continue to provide the "attack vector" for this exploit.

This morning, in a detailed response to BetaNews, Secunia CTO Thomas Kristensen held true to his company's stance that the exploit is attributable to Microsoft's new Web browser, the final version of which was released earlier this week.

"Microsoft claims the recent IE7 vulnerability is an Outlook Express vulnerability," begins Kristensen's statement to us. "This may be true, from an organizational point of view within Microsoft. However, the vulnerability is fully exploitable via IE, which is the primary attack vector, if not the only attack vector."

http://www.betanews.com/article/Secunia_Exploit_Truly_Does_Affect_IE7/1161359538
 
Status
Not open for further replies.
Back
Top Bottom