On Wednesday, as BetaNews reported, security services vendor Secunia stated that a long-standing, unpatched MHTML redirection exploit, found to affect Internet Explorer 6.0 as early as November 2003, affects the final release version of IE7. Yesterday, Microsoft security team member Christopher Budd responded to that claim by saying the exploit in question actually affects Outlook Express, even though IE7 may continue to provide the "attack vector" for this exploit.
This morning, in a detailed response to BetaNews, Secunia CTO Thomas Kristensen held true to his company's stance that the exploit is attributable to Microsoft's new Web browser, the final version of which was released earlier this week.
"Microsoft claims the recent IE7 vulnerability is an Outlook Express vulnerability," begins Kristensen's statement to us. "This may be true, from an organizational point of view within Microsoft. However, the vulnerability is fully exploitable via IE, which is the primary attack vector, if not the only attack vector."