New browser — same vulnerability


For the second consecutive year, Secunia claims it has found a flaw in Microsoft’s Internet Explorer browser, and this year’s flaw is the same as last year’s.


The flaw, discovered in 2005 in Explorer 6 and now in Explorer 7, enables attackers to steal user information that is being entered on a separate website, as long as the user is visiting a site exploiting the flaw in another window.

Last year Secunia found the same flaw in Internet Explorer 6, but it remains unpatched by Microsoft.

Until the flaw is patched, Secunia says an alternative solution is to “disable active scripting support.” Details on how to do this can be found on Microsoft’s website.

But a Microsoft spokesman said the reports by Secunia are technically inaccurate.

“The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express,” he said. “While these reports use Internet Explorer as a vector, the vulnerability itself is in Outlook Express.”

Oh! Thanks for that clarification.

Posted: Fri - October 20, 2006 at 06:44 AM