RSSAddress Redirection Cause of IE7 Issue
By Scott M. Fulton, III | Published October 20, 2006, 4:02 PM
In a test conducted by BetaNews on a fresh installation of the release version of Internet Explorer 7, on a "clean" environment set up within Virtual PC 2004, the browser failed the MHTML content retrieval test. The issue involves redirecting the Web browser to a local resource.
In examining the source code of Secunia's page, we found that a JavaScript function first generates a resource location using pieces of strings, plus a randomly generated number as a throw-away parameter. The location points to a page that apparently triggers an HTTP 302 signal, purportedly that the site location has been rerouted. The problem occurs when the browser -- or some other component of the Web browsing process -- takes the address of the rerouting for granted. With recent versions of IE, including IE7 in our test, the browser pulls up the alternate address regardless of what it contains.
In Secunia's innocuous test, the browser appears to open up the source code for Google News. However, the call to Google News was placed locally, meaning the redirection successfully forced the browser to parse a local resource request. It could conceivably just as easily have placed a request to execute a program locally.
In our tests, Firefox 1.5 successfully squelched the redirection call to a local resource.
Yesterday, as we reported, Microsoft stated that the vulnerable component was actually attributable to Outlook Express, not Internet Explorer. Back in 2003, when the vulnerability was first discovered, Microsoft did direct users to download Outlook Express patches, although those patches may have successfully shut off the accessibility for that vulnerability through OE, rather than change the redirection function itself.
This evidence indicates that the source of the vulnerability is probably deeper than both OE and IE. As SecurityFocus noted in its first 2003 reports of a vulnerability affecting Outlook Express, Microsoft initially -- and perhaps ironically -- offered explanations that tried to shift at least some of the blame to Internet Explorer.
Microsoft said Thursday it is investigating the issue, and plans to provide further guidance to customers.
Just a suggestion, until this is addressed. If you feel up to it, you can download 'DropMyRights' and use it as a quasi-prodect mode for Internet and Mail.
MSDN Download and info:
http://msdn.microsoft.co...html/secure11152004.asp
Score: 0
|is this the same as the ...
make a shortcut to "notepad.exe" call it "www.hotmail.com"
then go to IE and enter "www.hotmail.com" and notepad pops up
Score: 0
|I tried twice to install IE7 both the beta and the newly announced finished product. Both times I received an error in my SBC/ATT browser relating to a missing or corrupt dll file, so I restored to an earlier state thereby removing IE7 and haven't had any problems since. Fix your product before you put it on the market MICROSOFT!!!!
Score: 0
|Would it not be simpler to not install buggy software on YOUR system? :)
Score: 0
|"I received an error in my SBC/ATT browser relating to a missing or corrupt dll file, so I restored to an earlier state thereby removing IE7 and haven't had any problems since."
Isn't this a problem with your SBC/ATT browser, and not the IE7? If anybody here expects Microsoft to conform all of their code to work with the billions of third party software packages out there, and spend the years required to verify compatability all third-parties, raise your hand...
Score: 0
|But it is easier to blame MS isn't it? :) It is ALWAYS MS' fault.
I am sure you did the same thing I did when you read kenswanbeck's comment...just shake your head in disbelief...
Score: 0
|Why doesn't this work in Vista RC2 then? Does it not affect IE7 in that version? If/When IE7F is released over Windows Update there, I'll try it again...
Score: 0
|Because Vista has Windows Mail, which ostensibly does not contain the buggy component in Outlook Express/IE that causes the problem.
Also, IE7 in Vista runs in "Protected Mode" that is designed to stop malicious attacks like this, even if there was a vulnerability to exploit.
Score: 0
|Exactly.
Score: 0
|