Secunia claims second IE7 flaw
Microsoft confirms there is an 'issue'
IDG News Service - Just one week after claiming that users of Microsoft Corp.'s Internet Explorer 7 browser could be at risk to an online attack, Danish security vendor Secunia ApS is reporting a new bug in the browser.
The bug allows hackers to place a fake Web address in one of the browser's pop-up Windows to trick a victim into inadvertently downloading something from what appears to be a trusted Web site. Secunia has described the flaw in an advisory.
Based on its initial investigation, Microsoft believes that there is "an issue," a spokesman at the company's public relations agency said in an e-mail.
While the full URL of the Web page being displayed is present in the pop-up Window's address bar, the left part of the URL is not initially displayed, the spokesman said.
That problem could allow an attacker to spoof a legitimate Web site, Secunia said.
Microsoft's confirmation may come as a relief to Secunia, which reported another problem in IE7 just hours after the browser was released. Microsoft said Secunia's report was "technically inaccurate," however, because the flaw lay in a component of Microsoft's Outlook Express e-mail client, which could be triggered by the browser. Microsoft's comment on the issue can be found here.
Neither of the bugs is considered to be critical. But coming so soon after IE7's launch, they are somewhat of an embarrassment to Microsoft, which has made much of its focus on delivering secure software.
Secunia was surprised that Microsoft called its first report erroneous, given that the flaw can be triggered only through the browser, said Thomas Kristensen, Secunia's chief technology officer.
"From a technical point of view, Microsoft might be right. But from a user's point of view or an administrator's point of view, it doesn't really matter. IE is the vector," he said. "It was probably unnecessary to go out and try to blame Outlook in that way."
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization Read this white paper to learn how far WAN optimization has come, and how to make this most of your investments by using...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!