IE7 Vulnerability Discovered

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

Old exploit

[Iphtashu Fitz]

This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released.

Re:This is news???

[smooth wombat]

Next time a bug is found in FF, I'm going to contact the media and scream bloody murder.

It's already been done [slashdot.org] and found to be a hoax [slashdot.org].

Anything else you want to complain about?

Let's be fair

[Lars T.]

The same problem is known on IE 6 since April 2006 [secunia.com]

Come on

[critter_hunter]

It's a "Less critical" vulnerability - not really dangerous at all. Firefox still has equally important unpatched "vulnerabilities" [secunia.com] - some of which [secunia.com] date back to 2004 [secunia.com]. Retards.

Re:two words

[Anonymous Coward]

you can't think of all that details when rushing for a first post

IE7 maybe not vulnerable?

[jrsp]

IE7, freshly installed this morning, on XP SP2 reports not vulnerable. Perhaps it was already patched, or the exposure is more limited than the post implies...

Not an MS fan, but truth and accuracy are always good.

Re:IE7 maybe not vulnerable?

[truthsearch]

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

http://secunia.com/advisories/22477/ [secunia.com]

Re:Firefox

[GuidoW]

Excuse, but where did you read that FF has that exact same vulnerability?

Also, even though FF does have issues, I believe you'll be hard pressed to find a vulnerability in FF that has been known for years and still gone unfixed. (According to heise on http://www.heise-security.co.uk/news/79745 [heise-security.co.uk] this is actually an old bug that also affects IE 6)

Re:two words

[OakDragon]

Interesting... but I always think of this [imageshack.us] when I hear "ha ha."

FireTroll or TrollFox... nope, just a good idea

[h2g2bob]

It's a little harsh to call that a troll.

It's a serious point. You could make a lite version. Lots of people would give it a try, me included. And there have already been forks of Firefox, like IceWeasel and Tor Park.

If it were talking about forking IE, it should be labeled "joke". As it's talking about Open Source stuff, it should be "insigtful".

Re:two words

[l_bratch]

Not an issue - domains actually have a dot at the end, in the format, e.g.:

blabla.tld.

http://www.google.com/ [google.com]
http://www.google.com./ [www.google.com]

Both work.

Brillant Link.

[Bake]

Took me all of 3 seconds Googleing for "brillant site:thedailywtf.com".

Paula's Brillant Bean:

http://thedailywtf.com/forums/40043/ShowPost.aspx [thedailywtf.com]

Re:Come on

[truthsearch]

This IE hole requires no user interaction. Unlike the firefox bugs he links to a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptable, too. So the firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.

Doesn't work on Vista

[DigitlDud]

The exploit fails running on IE7 in Vista with protected mode.

Re:Memory leaks

[bunratty]

MS has neglected several areas, one being the whole JavaScript area where IE still leaks memory like a sieve.

That's no problem. See, Microsoft wrote this real nice article explaining how we can change all the JavaScript code on the web to work around its leaks [microsoft.com]. Get to work web developers!

Which version?

[Greyzone]

I just tested Firefox 1.5.0.7 and it is not vulnerable.

So just what version are you discussing here?

What about that IE7 registry key to block setup?

[HalfOfOne]

Anyone else notice that the registry key that was touted as preventing the IE7 upgrade doesn't do jack?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\7.0]
"DoNotAllowIE70"=dword:00000001

I had thought it would categorically deny even the downloaded setup file, not just setups that were (eventually) launched from inside WindowsUpdate.

Re:Browsers are just too complex

[zcat_NZ]

Or perhaps we could have the best of both worlds; plain text markup which makes web design and debugging easier, and some way that the server and browser can agree to deliver the content in a compressed stream.

Like this: http://www.websiteoptimization.com/speed/tweak/com press/ [websiteoptimization.com]

Re:Its not true

[julesh]

That's not actually what they're doing. Try connecting to that address. Here's what you get:

Trying 213.150.41.226...
Connected to secunia.com.
Escape character is '^]'.
GET /ie_redir_test_1 HTTP/1.1
Host: www.secunia.com
Connection: close

HTTP/1.1 302 Found
Date: Thu, 19 Oct 2006 19:30:39 GMT
Server: Apache
location: http://secunia.com/ie_redir_test_1 [secunia.com]
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

0

They're sending an HTTP redirect, and the browser's following it. It will then send the cookies for the redirected URL to the server, and the server will return data expecting it to go into its own security context. This does allow data stealing.

Not an IE flaw, but an Outlook Express flaw

[PNutts]

See BetaNews for details: http://www.betanews.com/article/MS_IE7_Flaw_Really _in_Outlook_Express/1161290765 [betanews.com]

MS: IE7 Flaw Really in Outlook Express
By Nate Mook, BetaNews
October 19, 2006, 4:46 PM
Microsoft responded Thursday to reports of the first exploit affecting Internet Explorer 7, which cropped up less than 24 hours after the browser's official launch. Christopher Budd from Microsoft's Security Response Center says the flaw lies not in IE7, but in an Outlook Express component.

This fact could explain why the problem first surfaced back in November 2003 and was found to affect IE6 last April. "While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express," Budd said. Microsoft notes it has received no reports of any attacks against customers, but is investigating the situation and may release a patch if necessary.

Re:Let's be fair

[Overly Critical Guy]

All right, here's just one result from Google: "fundamental rewrite" [wsj.com]