[funsec] First IE7 Security Flaw Found
Fergie
fergdawg at netzero.net
Thu Oct 19 10:56:05 CDT 2006
Via Yahoo! News (PC World) and Secunia.
[snip]
Less than 24 hours after the launch of Internet Explorer 7, security
researchers are poking holes in the new browser.
Danish security company Secunia reported today that IE7 contains an
information disclosure vulnerability, the same one it reported in IE6
in April. The vulnerability affects the final version of IE7 running on
Windows XP with Service Pack 2.
If a surfer uses IE7 to visit a maliciously crafted Web site, that site
could exploit the security flaw to read information from a separate,
secure site to which the surfer is logged in. That could enable an
attacker to read banking details, or messages from a Web-mail account,
said Thomas Kristensen, Secunia's chief technology officer.
[snip]
More of the article:
http://news.yahoo.com/s/pcworld/20061019/tc_pcworld/127564
Secunia advisory:
http://secunia.com/advisories/22477/
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list