IE7 vulnerability discovered already Pants spied around Volish ankles
By INQUIRER newsdesk: Thursday 19 October 2006, 10:00
INSECURITY FIRM Secunia, has already found an insecurity in newly unleashed IE7
The vulnerability can be exploited to disclose potentially sensitive information the firm says, though it gives it just two out of five on its criticality meter.
An exasperated Thomas Kristensen, CTO of Secunnia says, "It is the half-year old information disclosure vulnerability which allows malicious sites to sneak on the content of other sites which hasn't been patched in the brand new IE7 release."
The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site, the firm notes, here.,
The firm posted an online demonstration, of the vulnerability here.
You MAY test if you have this security problem if you have IE7 here...
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/