Vulnerability found in IE7 already

Security company Secunia has found a flaw in the IE7 browser only hours after it was released.

The company rates the vulnerability as 'less critical'. This is the second-lowest level on Secunia's scale of five.

Secunia says the flaw potentially allows exposure of sensitive data, and has been confirmed on a fully patched system with Internet Explorer 7 and Microsoft Windows XP SP2.

According to the company the vulnerability is caused due to an error in the handling of redirections for URLs, and can be exploited to access documents served from another website.

Microsoft has subsequently denied that the flaw lies in IE7 and has claimed that the problem is actually within Outlook Express.

Earlier this week another security company, SurfControl, warned internet users of a spoofed email claiming to be from Microsoft. The email is from the address 'support@microsoft.com' and invites you to download Release Candidate 1 of IE7. It contains a link to what looks like a genuine Microsoft page. However, the site is fraudulent and installs a Trojan on your system.

http://secunia.com/advisories/22477/
http://www.microsoft.com/
http://www.surfcontrol.com/

More news via RSS Post item to Del.icio.us Post item to Digg.com