Home Home | Current issue Current issue
Login: Password: Forget password? / Register New User
Games Graphics & Design MP3 & Audio Internet & Networks System & Utilities Home & Education Business WebDev SoftDev
Issue: October 2006 > Internet & Networks > Article "Secunia Claims Second IE 7 Flaw"
Advertisement on Onekit.com Software Magazine

Secunia Claims Second IE 7 Flaw (Secunia Claims Second IE 7 Flaw)  Secunia Claims Second IE 7 Flaw

Internet & Networks
Security firm finds a bug that could allow hackers to spoof Web sites; Microsoft says there's an issue.

Just one week after claiming that users of Microsoft's Internet Explorer 7 browser could be at risk to an online attack, Danish security vendor Secunia is reporting a new bug in the browser.

The bug allows hackers to place a fake Web address in one of the browser's pop-up Windows, and could be used to trick a victim into inadvertently downloading something from what appeared to be a trusted Web site. Secunia has described the flaw in an advisory.


Bug Confirmed

Based on its initial investigation, Microsoft believes that there is "an issue," a spokesman with the company's public relations agency said in an e-mail.

While the full URL of the Web page being displayed is present in the pop-up Window's address bar, the left part of this URL is not initially displayed, the spokesman said.

That problem could allow an attacker to spoof a legitimate Web site, Secunia said.


Last Week's Bug Debated

Microsoft's confirmation may come as a relief to Secunia, which reported another problem in IE 7, just hours after the browser was released. Microsoft said Secunia's report was "technically inaccurate", however, because the flaw lay in a component of Microsoft's Outlook Express e-mail client, which could be triggered by the browser.

Neither of the bugs is considered to be particularly critical. But coming so soon after IE 7's launch, they are somewhat of an embarrassment to Microsoft, which has made much of its focus on delivering secure software.

Secunia was surprised that Microsoft called its first report erroneous, given that the flaw can only be triggered through the browser, said Thomas Kristensen, Secunia's chief technology officer. "From a technical point of view, Microsoft might be right, but from a user's point of view, or an administrator's point of view, it doesn't really matter. IE is the vector," he said. "It was probably unnecessary to go out and try to blame Outlook in that way."
October 27, 2006 Author: Robert McMillan
There are no users' comments | Post your comment

Related Links:
Advertisement Advertisement
about / contact us | Copyright 2003-2009 - Software Magazine, onekit.com, Legal Notices