Internet Explorer 7 (IE7) Vulnerability Hits the Streets


This was a while back, but with Microsoft’s security record it’s pretty much inevitable..

Even before release (as with Vista) flaws were found.

Introduction

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.

Test Case / Demonstration

The test will try to read content from http://news.google.com/ in the context of your browser.

Follow the source link below for the test.

So much for the “You wanted it easier and more secure” slogan found on Microsoft’s IE Website.

Source: Secunia

Posted in: Exploits/Vulnerabilities, Windows Hacking



3 Responses to Internet Explorer 7 (IE7) Vulnerability Hits the Streets

  1. Gouki December 5, 2006 at 6:55 am #

    “This was a while back, but with Microsoft’s security record it’s pretty much inevitable..

    Even before release (as with Vista) flaws were found.”

    I don’t understand these kinds of comments. Regarding Vista security, I don’t see a problem with bugs being found!! Isn’t that the whole point of releasing BETAs? If they didn’t want the public input they would just save it to themselves and make one release, the final!

    For instance, the blue pill which was developed by a Russian female hacker is no longer exploited, and like these I’m certain there are dozens more. Now, I don’t know anything about the exploit posted, but I just don’t understand all the comments regarding something that isn’t out yet!

    If we want to test the security of something let’s wait until it’s final. Unless we want to contribute with testing, and use the BETA for testing purposes *ONLY*!

  2. Sam Spade December 5, 2006 at 9:30 am #

    MSMVPS

    “These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express.

    “Also, the vulnerability is not reproducible on Windows Vista.”

  3. Darknet December 5, 2006 at 4:40 pm #

    Gouki: MS are known for the incompetent coding and pushing out software before it’s ready, often known as public BETA testing. They go for monopoly over security, just look at the way they tried to lock out all of the security vendors in Vista, they only let them in after a fight. They do fix problems…but look at their average patch time for critical flaws, it’s almost as bad as Oracle. BETA or not it would have the same vulnerabilities if these kind members of the public didn’t point them out.

    Sam Spade: Thanks, didn’t have time to research the follow-ups on this. Busy as hell lately.